AI and other top cybersecurity predictions for 2025

The new year brings new opportunities, but also the potential for new challenges.

Security leaders share some of their predictions for 2025.

Jeff Krull, Principal and Practice Leader at Baker Tilly

“While we hope we are wrong, the growing uncertainty in the world suggests that a significant cyberattack targeting critical infrastructure is increasingly likely. Sophisticated ransomware and state-sponsored attacks are evolving, and infrastructure such as power grids, telecommunications and water systems are prime targets. Nation states like North Korea, Russia and China have already demonstrated their cyber capabilities, and the U.S. remains a key target. The real threat is that critical infrastructure is far from rock solid. Incidents such as the high-profile SolarWinds breach and the recent CrowdStrike outage exposed vulnerabilities and sparked panic, yet the reality is that we dodged a major crisis. With escalating threats, the potential for a major attack on critical systems is growing. As attacks on essential services become more targeted, attribution will become a major challenge. If such an attack occurs, insurance companies may face delays in attribution, potentially paying out claims before the full scope of the damage is understood.”

Carl Froggett, CIO at Deep Instinct

“A new frontier in this battle may emerge as attackers exploit a growing weak point: employees' home environments. Many home internet networks, routers, and connected devices are plagued by zero-day vulnerabilities that vendors often fail to patch promptly—if at all. Even when patches are available, they are rarely installed automatically, leaving these systems exposed to exploitation.

Simone Sassoli, CEO at Virsec

“With cyberattacks continuing to evolve every year, 2025 will be about defending against bad actors’ use of AI to create variants of zero-day attacks at a speed that will be difficult to oppose, even with AI-enhanced defense. Especially as industries that generally carry legacy applications will be easier targets in a world of ransomware-as-a-service.”

Anna Pobletts, Head of Passwordless at 1Password

"In 2025, we’ll continue to see a steady rise in passkey adoption as more organizations embrace the unphishable security this technology brings, and the value it offers from a business and end-user perspective. We’ll see a deeper focus on technical improvements to passkeys like conditional creation (which allows websites to automatically upgrade users to passkeys) and related origins support (which enables passkeys to work across multiple domains under a single brand). These types of improvements will create a more intuitive UX for end users, driving people to proactively choose passkeys for its simplicity and enhanced security over traditional forms of authentication."

Maurice Uenuma, VP & GM, Americas and Security Strategist at Blancco

“Bad actors will leverage personal data & AI to launch more effective attacks: The NPD and MC2 breaches that took place in 2024 will enable cyber criminals to leverage far more personal data, combined with AI-generated “deep fakes,” to launch more realistic and effective phishing and spear phishing campaigns in 2025. Since the human element remains the most “hackable” security control, these attacks will likely lead to even more data breaches and/or compromise of control systems. When successful, spear phishing attacks can have devastating consequences, given the privileged access employees often have to sensitive data, financial transactions, and physical control systems.”

Andrey Leskin, CTO of Qrator Labs

“First and foremost, the cybersecurity industry will become more skeptical about the hoped-for AI tools. The initial excitement surrounding them will finally diminish, as no significant breakthroughs have occurred over the last two years. However, we might start to see some useful solutions for monitoring and threat detection next year. Nevertheless, these solutions are unlikely to sustain the current hype around AI, as they will not serve as a silver bullet or magic pill for the industry’s issues.”

Harman Kaur, VP of AI at Tanium

“By 2025, AI in cybersecurity will quickly move from chatbots to a more agent-driven approach. While chatbots offer value, agents represent a paradigm shift. Organizations leveraging automation will use agents for threat detection and autonomous responses. Additionally, agents will improve IT resource scalability and enhance cyber hygiene.”

Jordan Avnaim, CISO at Entrust

“Balancing innovation and safety is an age-old challenge. As the demand for cutting edge continues to rise, companies must navigate the security risks that new capabilities and tools pose. In 2025, organizations will need to go back to basics to protect their most sensitive information amid the rise of emerging technologies to safeguard their data. Depending on the organizations, this might mean introducing creative risk reduction tactics or offering additional security education to create a culture of cyber resilience that protects employees and customers from cyberattacks. At the end of the day, to stay competitive businesses must be quick on their feet and create an environment where innovation and security co-exist.”

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Taelor Sutherland is the Associate Editor at Security magazine. Sutherland covers news affecting enterprise security leaders, from industry events to physical & cybersecurity threats and mitigation tactics. She is also responsible for coordinating and publishing web exclusives, multimedia content, social media posts, and a number of eMagazine departments. Sutherland graduated in 2022 with a BA in English Literature from Agnes Scott College.