In today’s digital world, security isn't just a feature—it's the foundation of trust. As developers, understanding customer expectations around identity is critical. We talked to 6,750 consumers and shared those findings in the Auth0 Customer Identity Trends Report 2025. This article details significant challenges impacting user experience and trust, explores underlying identity trends, and outlines actionable solutions you should consider for building secure and trustworthy systems as AI agents become more prevalent.
AI identity threats for developers
As developers, you face a dual challenge of securing against escalating threats and meeting evolving user expectations. The Customer Identity Trends Report details key security issues for building trusted AI-powered applications as AI use increases:
- Signup attacks: Nearly half (46.1%) of all new registrations met the established criteria for a fraudulent attack. These attempts aren't just noise. They are resource drains and potential footholds for future breaches, often and increasingly fueled by AI.
- Account takeover (ATO): A significant portion (16.9%) of login attempts exhibited clear malicious behavior. Successful ATOs lead to unauthorized data access, financial loss, PII exposure, and regulatory fines, among other outcomes.
- Poor password hygiene: 68% of users admit to reusing passwords, with 53% saying it’s difficult to remember unique ones. This behavior lowers the barrier for attackers and makes accounts susceptible to brute force identity attacks.
- Multifactor authentication (MFA) abuse: Even MFA isn't foolproof, with 7.3% of all MFA events in Auth0 detected as malicious. Fatigue and SMS pumping attacks are common, with some industries seeing over 20% malicious MFA activity.
- AI agent distrust: User distrust in AI agents is high. 44% of non-users don’t trust AI agents with personal data, and 60% of survey respondents are concerned or very concerned about AI’s impact on privacy and security. Without robust IAM controls, AI agents create new vulnerabilities, risking unauthorized data access and justifying user concerns
Identity attacks and user behaviors are actively eroding customer trust in digital platforms. This challenge is only amplified by emerging AI technologies. Pervasive fraudulent signups and ATOs compromise user data, which only fuels security and privacy concerns for application users. Failing to secure digital identities is a threat to AI adoption. You are positioned to address these challenges by building robust identity layers that are critical for securing trust in the AI era.
Building AI trust and identity for developers
These user trends highlight core requirements developers must consider when designing, building, and deploying AI-powered applications:
- Security and trust are core requirements: 74% of application users prioritize a company's trustworthiness when creating an account. 72% prioritize security measures. This means security is not just a feature. It’s a core requirement that builds a foundation of trust for users.
- Friction impacts conversion: Arduous signup and login forms frustrate 62% of users. This friction directly impacts conversions, with 6% of consumers always and another 17% often abandoning online purchases because of it.
- Convenience influences adoption of authentication methods: While passwords are still considered to be the most convenient authentication method by 73% of users, modern methods like passkeys and biometrics are seen as highly secure and convenient. They are well-positioned to grow in popularity and adoption among users.
- Increasing AI trust is possible: While users have expressed concerns about AI, they also see value in it. 26% are likely to use AI for tedious, rules-based tasks like data analysis, while 38% prefer to keep humans in the loop for subjective, decision-making tasks. This demonstrates that increasing trust is achievable by building robust IAM controls into AI agents from the start.
Design identity for AI agents
To address these challenges, developers should focus on integrating secure and user-friendly identity solutions:
- Build modern authentication: Embrace modern authentication methods like passkeys, biometrics, and social logins. These options offer users more secure choices, highly resistant to common signup and login attacks, while easing the transition away from passwords.
- Deploy identity defenses for securing AI agents: Strengthen identity defenses by layering security measures across application layers. This includes using hosting provider protections like DDoS mitigation and rate limiting; enabling bot detection and stricter CAPTCHA requirements within your identity provider; and mandating password resets or MFA for compromised accounts to protect users from unauthorized access.
- Design identity for AI agents at the start: Consider identity for AI agents from the start of building applications. This means requiring agents to authenticate users securely, implementing strong identity controls for API interactions like securely vaulting access tokens, designing just-in-time authentication for asynchronous workflows, and applying the principle of least privilege through fine-grained authorization.
Implementing these strategies empowers developers to directly address changing identity challenges and increase trust in an increasingly AI-driven world.
Your next step in AI identity security
With identity-based attacks on the rise and a majority of users concerned about AI's impact on their security, waiting is not an option. Building trust is no longer a feature—it is the core requirement for any successful AI application. The path forward requires a multi-layered identity strategy that is both secure and frictionless.
The trends are moving fast. Get the data-backed insights you need to stay ahead.
Download the Auth0 Customer Identity Trends Report 2025 today.