Digital wallets & AI threats to reshape ID security

Digital identity specialists expect 2026 to bring rising adoption of digital wallets and decentralised identity, alongside a shift in cybersecurity towards continuous monitoring of human and machine identities as organisations grapple with AI-driven threats.

Executives at Ping Identity said digital ID schemes and autonomous AI agents will reshape how organisations think about trust, risk and security over the next year.

The comments come as governments and businesses extend digital identity infrastructure and as security teams respond to a rapid increase in AI-enabled cyber attacks.

Digital wallets

Countries across Europe, Asia and the Americas are rolling out digital ID frameworks. Financial services, travel and public sector services now frequently rely on smartphone-based credentials.

Alex Laurie, GTM CTO at Ping Identity, said public anxiety around identity theft will remain high as these systems expand.

"The use of digital wallets and digital identification will continue to accelerate globally next year. However, as governments and organisations expand these systems, the risk of social engineering scams will remain a significant concern.

"With AI enabling hyper-realistic phishing attempts, fake payment portals and government gateways, identity theft fears will only intensify – and with 76% of Brits already concerned, awareness is critical.

"Decentralised identity offers a solution. By using verifiable credentials with selective disclosure, individuals can retain control of their personal data while governments and organisations can securely issue and authenticate digital identities. This cryptographic verification and data minimisation method will become more widely adopted in the year ahead, combating advanced social engineering attempts."Russ Kirby, Chief Information Security Officer, Ping Identity:

The new front line is 'Identity at Runtime'

Russ Kirby, Chief Information Security Officer, Ping Identity, says in 2026, the traditional cyber perimeter vanishes, and the new front line is 'Identity at Runtime' – the continuous, real-time pulse of every human and machine identity within an organisation.

"The convergence of AI-driven adversaries, agentic automation, and identity-centric compromise is forcing a fundamental change. Security can no longer be based solely on who has credentials; it must be based on what they are doing right now

"Autonomous AI agents - 'agentic identities' - will continue to surge, acting like non-human employees that need their own dedicated management. Failure to treat these agents with the same strict governance as a human employee will create massive, fast-moving blind spots.

"Meanwhile, organisations will continue to battle the growing threat of 'Shadow AI' - unsanctioned AI tools. Static controls will be no defence on these threats. Organisations must instead shift their posture to continuous identity and runtime assurance, mapping every process and workload action back to an authenticated identity. This allows defenders to detect and block malicious behaviour the instant it deviates from the norm.

"The strategic takeaway for CISOs is clear: identity is no longer a directory entry; it is a dynamic security signal. Cyber resilience in 2026 hinges on building an 'Identity-Runtime Mesh' - uniting identity, zero trust, and real-time workload security to ensure accountability and control at speed."