Seqrite, the enterprise security arm of Quick Heal Technologies Limited, has warned that password-based security systems are rapidly losing relevance as identity-centric attacks gain momentum across Indian organisations.
Findings from the India Cyber Threat Report 2026, compiled by researchers at Seqrite Labs, point to a decisive shift in the threat landscape, where identity is replacing the traditional network perimeter as the primary attack surface. According to the report, increasingly sophisticated AI-assisted attacks are rendering static password mechanisms ineffective, particularly in hybrid and cloud-first enterprise environments.
A key trend highlighted in the report is the growing weaponisation of OAuth tokens. Seqrite’s telemetry, drawn from more than eight million monitored endpoints, shows OAuth abuse emerging as a dominant vector in cloud intrusions. Attackers are exploiting misconfigured identity providers to impersonate legitimate users, move laterally across environments, and access sensitive resources without triggering conventional malware-based alerts. Behaviour-based detections blocked over 34 million anomalous activities, many of which were linked to identity misuse rather than executable malware, underlining the limits of perimeter-centric defences.
The report also examines how major ransomware campaigns in 2025 shifted tactics. Groups such as Qilin, Akira and Cl0p moved away from large-scale encryption towards identity-driven extortion, relying on stolen credentials and OAuth token manipulation to infiltrate cloud consoles and API endpoints. In India’s hybrid IT environments, on-premises systems accounted for 91% of detections, largely due to legacy exposure, while cloud environments represented 9% but faced more targeted identity-focused attacks, including configuration drift and unmanaged access.
Seqrite Labs observed that many cloud intrusions bypassed endpoint visibility altogether, instead exploiting OAuth abuse and API weaknesses that traditional password policies failed to contain. This collapse of the identity perimeter allows attackers to maintain persistence for extended periods, exfiltrating data through legitimate channels while remaining invisible to users and security teams.
Looking ahead, Seqrite forecasts that 2026 will see a sharp rise in so-called cognitive threats. Researchers predict adversaries will increasingly use generative AI to create deepfake-based authentication bypasses and automate credential-stuffing attacks at enterprise scale. Hyper-realistic impersonations could undermine even multi-factor authentication based on biometrics or behavioural signals, while gaps in zero-trust implementations around OAuth flows are expected to become prime entry points. Sectors such as education, healthcare and manufacturing—together accounting for 47% of detections in 2025—are flagged as particularly exposed.
In response, Seqrite is urging Indian enterprises to move decisively towards zero-trust identity management. The report recommends continuous authentication, behavioural biometrics and AI-driven identity correlation to replace static password-centric models. It also calls for just-in-time access, ephemeral credentials and anomaly detection across identity fabrics to counter token theft and OAuth abuse. An analysis of 265.52 million threat detections reinforces the conclusion that signature-based defences alone are insufficient against identity-driven attacks.
Beyond technology, Seqrite is also calling for stronger regulatory alignment on identity standards and greater cross-industry collaboration to establish national identity assurance frameworks. The company has expanded its enterprise portfolio with zero-trust identity modules under its Seqrite Threat Intelligence offerings, powered by its patented GoDeep.AI technology.
As India’s digital footprint continues to expand, the report concludes that organisations which fail to adapt to the identity-as-perimeter model risk severe breaches in 2026’s cognitive threat era—one in which human trust itself becomes the primary exploit vector and resilient identity architectures are critical to operational survival.