3rd Party Risk Management
,
Agentic AI
,
AI-Based Attacks
Also: Potential Fallout From HIPAA Rule Delay, AI Identity Governance Challenges
In this week’s panel, four ISMG editors discussed the rise of artificial intelligence-powered phishing toolkits, potential fallout from the U.S. government’s decision to delay a major overhaul of the HIPAA Security Rule and what security leaders see as the defining AI security challenges of 2026.
See Also: How to Defend Against AI-Powered Identity Fraud
The panelists – Anna Delaney, executive director, productions; Mathew Schwartz, executive editor, DataBreachToday and Europe; Marianne Kolbasuk McGee, executive editor, HealthcareInfoSecurity; and Tom Field, senior vice president, editorial – discussed:
- How increasingly AI-powered phishing toolkits are lowering the barrier to cybercrime by automating credential theft, bypassing multifactor authentication through techniques such as device code abuse and OAuth token theft, and enabling attackers to launch more sophisticated phishing campaigns at scale;
- Potential fallout from the Trump administration’s decision to delay a long-awaited HIPAA Security Rule overhaul that would require healthcare organizations and their third-party vendors to meet mandatory cybersecurity regulations, and why stronger security practices are critical as the healthcare sector faces growing AI-driven threats;
- Why AI governance has become the defining cybersecurity challenge of 2026, with shadow AI, non-human identities, visibility gaps and weak governance forcing security leaders to rethink identity, oversight and business enablement in the face of rapid AI adoption.
The ISMG Editors’ Panel runs weekly. Don’t miss our previous installments, including the July 3 edition on Russia’s role in the Jaguar Land Rover attack and the July 10 edition on CISA’s frontier AI strategy.

