Ad Image

74 Cybersecurity Predictions from Industry Experts for 2025

Cybersecurity Predictions from Industry Experts for 2025

Cybersecurity Predictions from Industry Experts for 2025

As part of this year’s Insight Jam LIVE event, the Solutions Review editors have compiled a list of predictions for 2025 from some of the most experienced professionals across the SIEM, Endpoint Security, Networking Monitoring, and broader cybersecurity marketplaces.

As part of Solutions Review’s annual Insight Jam LIVE event, we called for the industry’s best and brightest to share their SIEM, endpoint, and cybersecurity predictions for 2025 and beyond. The experts featured represent some of the top solution providers with experience in these marketplaces, and each projection has been vetted for relevance and ability to add business value.

Cybersecurity Predictions for 2025 and Beyond


Idan Plotnik, co-founder and CEO of Apiiro

Security architects will surrender to genAI and open-source developments:

“In 2025, the rise of generative AI and open-source developments will bring new layers of complexity to software architecture, challenging consistent security oversight. As development velocity accelerates, manual security reviews and checklists won’t keep up, and application security engineers and security architects will lose all control. Companies should pivot toward automation and integrated security tools that provide continuous, scalable oversight while embracing a shift-left security approach to keep pace with agile, AI-driven application development cycles.”

Software architecture complexity will challenge security posture control

“With AI and code generation becoming core to software development, we’re on the verge of unprecedented architectural complexity that will make traditional security posture control nearly impossible. By 2025, new forms of malware and open-source codebase vulnerabilities will emerge, and attackers will leverage AI to craft advanced, evasive malware.”

The rise of AI-driven threats in open-source

“In 2025, open-source software threats will shift from traditional vulnerabilities to AI-generated backdoors and malware embedded in open-source packages. With attackers leveraging AI tools to develop and disguise malware within open source code, addressing these new threats will require a significant advancement in security tools to stay ahead of these quickly evolving challenges.”


Nadir Izrael, co-founder and CTO at Armis Security

Unified Security Management for Holistic Risk Prioritization

“The rise of AI-driven cyber weapons and the increasingly blurred lines between military and civilian targets underscores the need for a holistic approach to security. A “single-pane-of-glass” strategy—one that consolidates security insights from diverse inputs like source code, misconfigurations, and vulnerabilities—will become essential to navigating the complexities of cyberwarfare in 2025.

“Unified security management platforms that integrate early-warning intelligence and risk prioritization across an enterprise’s entire infrastructure will be the cornerstone of cyber defense strategies. By offering a clear, comprehensive view of security vulnerabilities, risks, and threats, organizations can make more informed decisions and mitigate risks before they materialize into full-scale attacks.”


Yevgeny Dibrov, co-founder and CEO at Armis

Cybersecurity as a Board-Level Concern

“In 2025, cybersecurity will no longer solely be a technical issue relegated to IT teams—it increasingly becomes a board-level priority. With the rising frequency and severity of cyber-attacks, boards of directors will require platforms that provide executive-level visibility into their organization’s security posture. Platforms that offer executive dashboards and comprehensive reporting will empower board-level decision-making, ensuring cybersecurity is integrated into the organization’s strategic vision, thus aligning security efforts with business goals.”

Focus on Organizational Resilience

“In an era where cyber breaches are virtually inevitable, resilience will be as important as prevention. The ability to recognize an attack early, quickly recover from a breach, and continue operations with minimal to no impact on daily operations will be a key metric of success for organizations facing increasingly sophisticated, multi-stage cyber-attacks.”


Mark Lambert, Chief Product Officer at ArmorCode

Fragmentation of tools will lead to a focus on correlation and prioritization.

“In 2025, we will continue to see an influx of new application security solution providers entering the market. The pendulum has swung back from enterprises looking for single-vendor tool platforms back to best-of-breed tools that deliver more accurate results. However, this leads to an increase in siloed data and security debt, or backlog, which teams will struggle to address. There has already been a clear shift away from viewing security as a ‘zero-sum game’ and towards a focus on ‘business risk.’ Next year, the focus will be further refined to correlate data from across these disconnected tools and focus on the vulnerabilities at the top of the pyramid from a business impact perspective – and prioritize the reduction of technical debt in the areas that matter most.”

Vulnerability chaining

“AI-powered attacks will become significantly more aggressive in 2025, with vulnerability chaining emerging as a major threat. Attackers will leverage AI for more effective vulnerability identification and rapid exploitation by chaining multiple CVEs together to launch successful attacks. Once they find a vulnerability that allows a foothold into a network or system, they will use the chain of vulnerabilities to expand deeper or laterally. This also allows attackers to game-plan their approaches in advance. It will present a greater challenge for organizations to defend themselves while providing attackers with more opportunities to achieve their objectives.”


Chris Borkenhagen, CDO/CISO at AuthenticID

Staying Ahead of Cyber Threats

“Adopting a customized and business-specific zero-trust security strategy is critical for security leaders to combat cyber threats effectively. This approach treats every access request as a potential risk, with the adoption of complex multi-factor authentication (MFA) adding an extra layer of security. Staying informed about regulatory developments paralleled with retrospective reviews of industry breach incidents can provide valuable lessons for strengthening security postures. Embracing a ‘think like a hacker’ mentality also helps identify potential vulnerabilities and enhances proactive measures against unauthorized access.”


Ameesh Divatia, Co-Founder and CEO of Baffle

“Data security posture management has been perceived by many as a way to address the prevalence of data breaches today when, in fact, it’s just monitoring by a different name. Just like monitoring, there’s a good chance that the data has already been breached when you notice the problem. In the coming year, enterprises that actually care about their data will realize that protecting the data is the only answer. Lock the data up with encryption and hold the key tight, and the hacker will look for another target to breach.

“We are seeing an explosion of ‘security posture’ management for every aspect of the IT infrastructure—network, device, application, cloud, attack surface, identity, and finally, data. The perfect analogy is a guard outside your neighborhood bank or a security desk in your office building. It is a deterrent but by no means a protector of the asset. As engineers, we believe in designing a solution, not just monitoring for bad things to happen. 2025 will see the beginning of the end of posture management and the dawn of the ‘mitigation’ era, where we do something about attacks on our assets. We protect them in a way where the effort required to steal the asset outweighs the benefit, and the hacker moves on to an easier target.”


Gaurav Banga, the Founder and CEO at Balbix

“In 2025, GenAI will be more effective than ever. It will transform and reimagine business operations completely. Many cybersecurity programs will look to the technology for growth by increasing efficiency, limiting time spent on intensive tasks, and enabling teams to do more with less across the board. This will be especially helpful for industries operating with narrow margins and increased regulatory activity, like healthcare and smaller manufacturing companies. For these companies, their bottom line is dependent on improving operational efficiencies. These efficiencies powered by GenAI can make the difference in reducing overall cyber risk, despite smaller team sizes, due to its ability to identify anomalies and risks at speed and at scale, outpacing traditional methods.

“Companies that are slow to adopt GenAI will risk becoming obsolete, while forward-thinking companies that adopt the technology across all aspects of operations will come out on top. Additionally, we’ll see an increase in specialized GenAI models, fine-tuned to specific industries and regulatory requirements, fast-tracking further GenAI adoption and implementation.”


David Wiseman, the Vice President of Secure Communications at BlackBerry

Unseen Vulnerabilities: The Hidden Risks of ‘Free’ Communication Apps in 2025 

“It is not only espionage at the network level that is of concern; mobile spying is on the rise. People should think twice about what they are sharing on so-called ‘free’ messaging apps like WhatsApp and Signal.  The perceived security of popular communication apps like these will face growing scrutiny as their vulnerabilities become more apparent in 2025. In fact, it was recently found that the group APT41 is using updates to the LightSpy malware campaign to infiltrate common communications systems, notably WhatsApp. A rule of thumb: If it is free, you are the product, and your data can be sold, moved, and targeted. This leaves users’ metadata and personal information at risk of exposure or misuse by third parties.

“This concern goes beyond system availability; it’s about the uncertainty surrounding who has access to sensitive information and what they might do with it. As attackers increasingly weaponize insights from this data, the risks surrounding these tools grow significantly. Many assume these widely used communication apps are secure enough for sensitive information, trusting that their internal security teams would intervene if they weren’t secure. However, these platforms are often used without proper oversight or security controls, exposing both individuals and organizations to unnecessary risk.”


Jeffrey Wheatman, the SVP and Cyber Risk Strategist at Black Kite

There will be a rise in the vCISO and CISO consultants

“It’s no secret that there has been increased pressure on the CISO role over the past several years. From the rise of ransomware attacks, AI sparking new tactics, and more sophisticated social engineering attacks, companies now have to play good offense and defense to stay ahead of bad actors. With these pressures—plus often stretched security teams—CISOs will move out of in-house positions and into more consulting roles or vCISO roles in the coming year to better manage their workloads. If this trend comes to fruition, the impact on the industry could be immense. Having security leaders who are not in-house could create vulnerabilities or gaps in security, which can stifle organizations’ strategies and leave them open to attacks.”

There will be more shareholder action against companies that drop the cybersecurity ball

“It is not uncommon for shareholders to file lawsuits against companies for not doing ‘the right thing,’ and in 2025, we can expect to see more of this action being taken. When cyber incidents occur, they lead to substantial financial losses, regulatory fines, and damage to brand reputation—all of which directly impact shareholder value. Investors argue that neglecting cybersecurity reflects inadequate governance and risk management, especially when companies don’t prioritize safeguarding data and operational systems. In today’s threat landscape, a proactive approach to cybersecurity is essential for corporate responsibility. Shareholders will increasingly take legal action against companies that fail to implement effective cybersecurity measures, viewing it as a breach of fiduciary duty to protect assets.”


Mehdi Daoudi, CEO of Catchpoint

2025: The Year of Comprehensive Third-Party Risk Management in Business Continuity

“Third-party risk will dominate business continuity planning as companies rely more heavily not just on SaaS and cloud providers but also on a complex web of APIs, partner integrations, supply chains, and third-party code. This intricate network means that disruptions from any single vendor—or even a single integration—will have ripple effects across operations, potentially impacting entire supply chains and revenue. To mitigate these risks, proactive, real-time monitoring of all third-party interactions will be critical, with companies demanding full transparency and accountability on performance and recovery plans from all their critical vendors and partners.”

Digital Experience Becomes a Business Imperative, Powered by a Strong Internet Infrastructure

“Digital experience will emerge as a critical pillar of business success, supported by robust internet infrastructure. Each layer of the internet stack—DNS, APIs, CDNs, and other foundational components—will serve as the backbone of IT operations, ensuring the performance and reliability needed for an optimal digital experience. As businesses increasingly depend on seamless digital interactions, monitoring and optimizing these layers will become as essential as financial oversight. Companies will prioritize internet stack management to safeguard digital experience, recognizing it as a key driver of customer satisfaction, loyalty, and overall business growth.”


Tim Golden, CEO and Founder of Compliance Scorecard

Resource Constraints Hindering Compliance Efforts

“The ongoing shortage of skilled cybersecurity professionals will exacerbate staffing challenges for MSPs, leaving teams stretched thin and under-resourced. This could hamper their ability to meet compliance demands effectively. Resource limitations may result in compliance gaps and heightened vulnerability to security breaches, making workforce development a pressing need for MSPs in 2025.”

Increased Legal Accountability and Liability

“In 2025, evolving legal frameworks will place greater responsibility on MSPs for their clients’ cybersecurity, holding them liable for security breaches and compliance lapses. This heightened accountability is set to redefine service contracts and risk management strategies. MSPs without a thorough understanding of legal obligations may find themselves vulnerable to lawsuits and significant financial losses, emphasizing the need for legal expertise in their operations.”


Sri Sreenivasan, President at ConnectSecure 

Secure Data Clouds Become Non-Negotiable for Compliance

“With compliance frameworks like CMMC (Cybersecurity Maturity Model Certification) and stricter global regulations, secure data clouds will shift from being optional enhancements to essential infrastructure. Organizations in defense, healthcare, and other regulated industries will prioritize secure, compliant cloud solutions to meet mandatory standards and avoid penalties. Businesses not adopting these technologies risk falling behind or being excluded from critical contracts.”

Exploited Vulnerabilities Emerge as the Fastest-Growing Threat

“By 2025, exploited vulnerabilities will surpass phishing as the most rapidly growing cybersecurity threat. Attackers are increasingly automating the discovery and exploitation of unpatched systems, leaving organizations exposed. The sheer volume and sophistication of attacks will force Managed Service Providers (MSPs) to evolve, incorporating proactive vulnerability management solutions into their service offerings to protect clients and mitigate risks.”

Demand for Proactive Cybersecurity Outpaces Traditional Approaches

“As exploited vulnerabilities dominate headlines and compliance mandates intensify, businesses will demand proactive cybersecurity measures over reactive ones. MSPs that offer real-time threat detection, vulnerability assessments, and patching services will become the trusted partners of the future. The expectation will shift from simply responding to incidents to ensuring systems are continually hardened against evolving threats.”


Edward Bailey, Staff Senior Technical Evangelist at Cribl

“I believe that in late Q1 or Q2 2025, an industry trade group will file suit to challenge key Federal cybersecurity regulations. My guess is it will start with the SEC’s proposed amendments to Regulation SCI. Cybersecurity regulations created under the umbrella of the Gramm-Leach-Bliey Act are at risk as well. Healthcare cybersecurity regulations tied to reimbursements under the authority of the Centers for Medicare and Medicaid Services (CMS) are another set of regulations that may be targeted.

“A federal judge will grant an injunction that stops updates to Regulation SCI. The SEC’s position is given minimal weight by the court, substituting its own expertise and judgment over the law and factual issues, overruling the SEC, and striking down the proposed rule. After 3-5 years of appeals, the issue makes its way to SCOTUS, the judgment is affirmed, and the proposed rule is dead.

“In addition, perhaps Congress responds by passing a clear set of laws that creates even more regulations, and then IT and Security teams have to scramble to comply. Meanwhile, life continues for IT and Security teams who are already overwhelmed and simply want a clear set of rules.”


David Primor, Founder and CEO at Cynomi

“2025 will redefine the cybersecurity landscape as AI evolves into a cornerstone of strategic decision-making for CISOs and security leaders. In a world where cyber threats grow in both frequency and sophistication—and where attackers increasingly deploy AI to craft adaptive and evasive attacks—defenders must adopt tools that deliver both effectiveness and efficiency.

“AI’s role will extend far beyond traditional detection and response. Advanced systems will act as strategic advisors, analyzing vast volumes of data in real-time to uncover risks, prioritize responses, and smartly automate tasks that once consumed significant time and resources. By streamlining operations and providing actionable insights, AI will free security leaders to focus on long-term planning and risk mitigation rather than firefighting.

“For enterprises, the ability to predict and neutralize threats proactively will be game-changing. AI-powered tools will identify vulnerabilities way before adversaries can exploit them. This shift will also prove vital as businesses contend with compliance demands and board-level scrutiny, where fast, accurate reporting and strategic foresight are critical. Ultimately, I believe 2025 will highlight that success lies in leveraging AI not just as a defensive tool but as a driver of smarter, faster, and more strategic cybersecurity.”


Nicole Carignan, VP of Strategic Cyber AI at Darktrace

The year of AI agents and multi-agent systems: A challenge for cyber professionals, and an opportunity for threat actors.

“If 2023 was the year of generative AI and 2024 was the year of AI agents, 2025 is set to be the year of multi-agent systems (or ‘agent swarms’). That means we’ll see increasing use cases across businesses where teams of autonomous AI agents are working together to tackle more complex tasks than a single AI agent could alone. However, the rise of multi-agent systems, particularly in cybersecurity, is a double-edged sword.

“The rising use of multi-agent systems will introduce new attack vectors and vulnerabilities that could be exploited if they aren’t secured properly from the start. Attacks that we see today impacting single-agent systems, such as data poisoning, prompt injection, or social engineering to influence agent behavior, could all be vulnerabilities within a multi-agent system, with even wider-reaching impacts and harms because of the increasing volume of connection points and interfaces. Agents can discover other agents and communicate, collaborate, and interact. Without clear and distinct communication boundaries and explicit permissions, this can be a huge risk to data privacy as well as influence actionable agents (which is a security concern). These are not issues that traditional application testing alone can address.”


John Bennett, CEO of Dashlane

“In 2025, AI will grow increasingly central to both cyber-attacks and defenses, driving a significant evolution in the threat landscape. The commoditization of sophisticated attack tools will make large-scale, AI-driven campaigns accessible to attackers with minimal technical expertise. At the same time, malware and phishing schemes will grow more advanced as cyber-criminals leverage AI to create highly personalized and harder-to-detect attacks tailored to individual targets.

“However, there are two sides to every coin, and AI also has a key role to play in cyber defense. Cybersecurity solutions are advancing to combat the alarming surge of large-scale AI-driven attacks. This includes more AI-discovered vulnerabilities, as well as autonomous real-time threat detection and mitigation systems, powered by predictive analytics capable of anticipating and countering attacks–even before they occur.”


Jim Broome, President and CTO at DirectDefense

Data exfiltration and extortion will eclipse ransomware as the primary threat.

“In 2025, ransomware will increasingly be used as a precursor to larger attacks, where the real threat is data exfiltration and extortion. Attackers will leverage stolen data as a bargaining tool, especially in highly regulated industries like healthcare, where companies are forced to disclose breaches. As a result, we’ll see more sophisticated ransom demands based on exfiltrated data.”

AI in cybersecurity will bolster defenses but amplify risks.

“In the coming year, organizations will face the challenge of balancing AI’s security advantages with the mounting risks it introduces. While AI strengthens threat detection and response, attackers are equally adept at harnessing its power, rendering traditional employee training methods obsolete. Common indicators of phishing, like grammatical errors and unnatural phrasing, are vanishing as generative AI and deepfakes enable more convincing and sophisticated attacks. To combat these evolving threats, businesses must continually refresh employee training and adopt advanced AI tools, such as Microsoft’s Azure sandbox, to maintain robust security control.”


TK Keanini, CTO at DNSFilter

Zero Trust

“Zero Trust will be the dominant architecture model in 2025, fully replacing outdated perimeter-based models. Security controls will focus increasingly on the workforce and workloads rather than just the workplace, leading to enhanced protection across diverse environments.”

Tools

“By 2025, many current cybersecurity tools will become outdated, as they still reflect a perimeter-based mindset. In today’s world, effective defense is necessary for every device and at every location where people live, work, and play. Organizations will need proactive tools that don’t wait for an attack to happen. Instead, these tools will run tests and simulations on themselves to ensure they can maintain operational continuity in both good times and bad. Automation will be crucial, as it must continuously test and model threats with every network change before attackers can exploit vulnerabilities.

“A key shift in cybersecurity strategies will be ‘tempo.’ As the pace of change and attacks increases, defenders must also quicken their responses. Those who don’t keep up will be vulnerable.”


Neil Jones, CISSP and Director of Cybersecurity Evangelism at Egnyte

Intersection of AI & Cybersecurity

“Recent reports indicate that nearly 100 percent of IT leaders consider AI models crucial for their business success, but only 48 percent of IT professionals are confident about their ability to execute a strategy for leveraging AI in cybersecurity. In 2025, we can anticipate the knowledge gap widening, as AI models’ technical capabilities will likely outstrip IT teams’ ability to govern their responsible use.

“The gap can be closed by providing technical teams with advanced AI training, adopting company-wide responsible AI usage policies, and encouraging users to access generative AI solutions that are formally blessed by the organization.”


Dwayne McDaniel, Developer Advocate at GitGuardian

The Cyber Resilience Act Will Reshape Software Development

“The European Union’s Cyber Resilience Act (CRA) is poised to have a significant impact on how software is developed and secured. By mandating stricter requirements for vulnerabilities, the CRA will force organizations to reassess their development pipelines, especially in areas like secret management and secure coding practices.

“One of the most pressing vulnerabilities in modern software is the accidental exposure of sensitive information, such as API keys, tokens, and credentials, in source code. As the CRA drives stricter compliance standards, organizations will need to integrate secret detection tools directly into their CI/CD workflows. This integration will foster a stronger emphasis on security within DevSecOps, ensuring that software is both resilient and compliant from the earliest stages of development.

“For businesses, this represents both a challenge and an opportunity. Those that adapt quickly to the CRA’s requirements will not only reduce their risk of breaches but also demonstrate leadership in secure software practices—a critical factor in maintaining trust with customers and partners in regulated markets.”


Attila Török, CISO at GoTo

GenAI will be an asset, not an adversary, for CISOs

“AI tools have been a double-edged sword from a security standpoint ever since their first public availability, but the focus for CISOs in 2025 should be viewing AI as an asset rather than an adversary. As these tools continue to evolve, they should be integrated into security operations to improve threat detection, response times, and predictive analytics on an ongoing basis. In a slow market, this is a material, pragmatic way to demonstrate ROI while keeping pace with the evolving threat landscape.”


Chris Scheels, VP of Product Marketing at Gurucul

Organizations will increasingly turn to AI to power improved security posture.

“AI-powered threat hunting will play a crucial role in detecting and responding to advanced threats. As AI models continue to evolve, they will be able to identify sophisticated attacks that traditional methods might miss. By automating routine tasks and recommending effective response strategies, AI can significantly reduce the impact of security incidents and improve overall security posture.”

Automation becomes a must in SecOps.

“The increasing volume and complexity of data necessitate automation in security operations. By optimizing data ingestion and leveraging advanced machine learning models, organizations can efficiently analyze critical data, detect emerging threats, and automate routine tasks. This allows our security teams to focus on high-priority incidents, reducing response times and minimizing potential damage.”

The skills gap will drive MSSP growth.

“A continued and increased demand for managed security services from small and mid-sized businesses will continue in 2025. A significant factor driving this growth is the shortage of skilled cybersecurity professionals. This makes these organizations more vulnerable to cyber-attacks, including ransomware. As cyber threats evolve and become increasingly sophisticated, the need for managed security solutions will remain strong.”


Houbing Herbert Song, IEEE Fellow

Neuro-symbolic AI for Cybersecurity: The Enabler of Cybersecurity Threat Early Detection and Rapid Response

“The top cybersecurity threats emerging in 2025 are AI-powered cyber-attacks, which are characterized by their ability to learn and adapt to new defenses. In fact, according to “The Impact of Technology in 2025 and Beyond: an IEEE Global Study,” 48 percent of experts said a top potential use for AI is real-time cybersecurity vulnerability identification and attack prevention. In 2025, AI-powered cyber-attacks are expected to be more believable and less detectable. For example, deepfakes will continue to impact every aspect of our society, from personal to business to politics. AI can be leveraged by attackers to carry out more sophisticated and effective cyber-attacks. For example, with AI-enhanced social engineering, AI can assist in analyzing and predicting human behavior, allowing hackers to craft more convincing social engineering attacks that exploit psychological factors.

“The emerging trends in cybersecurity defense in 2025 will be establishing trust in cybersecurity defense and ensuring trustworthiness in cybersecurity defense towards a secure cyberspace. AI is the enabler of cybersecurity threat early detection and rapid response. AI can help solve complex security challenges by assisting human system managers with automated monitoring, analysis, and responses to cybersecurity attacks. Predictive analytics is an invaluable stepping stone in applying AI for cybersecurity. More specifically, neuro-symbolic AI, which integrates neural networks with symbolic representations, is a game changer by enabling high levels of trust in cybersecurity threat early detection and rapid response. Zero trust is expected to be the unquestioned gold standard of cybersecurity.”


Theodore Krantz Jr., CEO of interos.ai

Attack surface security risk in supply chains.

“As global interconnectivity deepens, the scale and speed of cyber breaches ripple across the globe quicker than ever, amplifying the ‘blast radius’ of attacks. In the first 10 months of 2024, 15,137 companies were impacted by reported cyber-attacks, according to interos data. This multiplied out to 1.3 million tier 1 suppliers, 3.1 million tier 2 suppliers, and 3.8 million tier 3 suppliers. As today’s supply chains rely more heavily on networks with many tiers of suppliers, the expanded attack surface of businesses must be approached with more diligence.

“In 2025, organizations must adopt advanced attack surface management strategies to gain visibility into their entire supplier networks to fully assess their exposure to cyber-attacks. These strategies include uncovering hidden supplier relationships, evaluating the cyber vulnerabilities of both direct and sub-tier suppliers, and assessing a broad spectrum of risk categories. Companies will also focus on identifying over-reliance on single suppliers and visualizing geographic clusters to mitigate cyber risks when they are impacted. By embracing these measures in the upcoming year, organizations can reduce their exposure to cyber threats, protect their digital supply chains, and ensure resilience in an era of ever-expanding cyber-attack surfaces.”


Itai Tevet, CEO and co-founder of Intezer

“In the past couple of years, we’ve seen AI used to automate many aspects of cybersecurity. That’s great because we know that attackers are using AI, too, but there will also be some unintended consequences that we need to address. AI typically automates tasks that entry-level employees tend to have and that prevents those employees from getting the skills they need to move into other roles—it’s going to exacerbate the existing cybersecurity talent shortage. It’s something that we are already seeing in the sales world with AI automating much of what entry-level SDRs do in their day-to-day. We are going to need to get ahead of this by rethinking training and education for cybersecurity professionals.”


Marc Gaffan, CEO at IONIX

Breaking Security Silos: The Rise of Unified Cybersecurity Platforms

“By 2025, the cybersecurity market will experience a significant shift toward unified security platforms that dissolve the traditional silos between on-premises, cloud and emerging technologies like AI. Organizations will increasingly adopt solutions that offer cross-environment visibility and management, enabling them to better assess and mitigate actual cyber risks. This convergence will lead to more efficient resource allocation and a more cohesive security posture across all technology stacks.”

Evolution of EASM: From Asset Discovery to Comprehensive Exposure Management

“External Attack Surface Management (EASM) will evolve beyond basic discovery and inventory of externally facing assets. In 2025, the market will demand EASM solutions that provide validation, prioritization, and optimization of security exposures. This evolution will align with analyst perspectives and will see EASM functionalities transition to a focus on exposing validated risks across Vulnerability Management and Posture Management tools.”

Shift from Vulnerability CVEs and CVSS scores to Exploitability

“The industry will move away from prioritizing vulnerabilities based solely on their CVSS scores and the like and will instead focus on their exploitability and potential business impact. By 2025, cybersecurity strategies will emphasize contextual risk assessment, combining vulnerability data with exposure insights to identify the most critical threats. This shift will lead to more effective remediation efforts, ensuring that security teams address issues that pose the greatest risk to the organization rather than being overwhelmed by sheer vulnerability counts.”


Paige Schaffer, CEO of Iris Powered by Generali

“Advancements in AI have already allowed criminals to create highly convincing deepfake content, opening the door for new forms of deception and fraud. In particular, deepfakes could be used by scammers to trick victims into handing over money by impersonating a trusted friend or family member. On the business side, deepfake technology can also be used in elaborate social engineering schemes.”


Greg Parker, Global VP, Security and Fire, Life Cycle Management at Johnson Controls

“As cyber and physical security increasingly intersect, zero-trust architectures will be essential to safeguard access and mitigate vulnerabilities. Organizations must ensure all users, devices and systems are verified continuously with robust access controls to prevent unauthorized intrusions into physical security systems. I anticipate zero trust becoming the industry standard, especially for facilities leveraging IoT and cloud-based solutions, where the stakes for security and operational continuity are higher than ever.

“Managed services that monitor and optimize physical assets throughout their lifecycle will be table stakes. This includes critical functions like firmware updates, system health monitoring, and ensuring proper functionality. Predictive maintenance powered by AI will play a pivotal role in addressing vulnerabilities proactively, minimizing downtime and costs while bolstering security. The growing interconnectivity of building management systems brings new risks, including unvetted device access and limited visibility into system components. In 2025, facility managers need a layered risk management strategy that incorporates tiered system criticality, comprehensive remediation plans, and continuous auditing.”


Elad Schulman, CEO and co-founder of Lasso Security

Tempering the Rise of RAG Threats

“Retrieval-augmented generation (RAG) is a technique for enhancing the accuracy and reliability of generative AI models with facts fetched from external sources, enabling users to check claims, which, in turn, builds trust. Attacks on RAG pipelines have been optimized to boost the ranking of malicious documents during the retrieval phase, now making Vector and Embedding Weaknesses one of OWASP’s top 10 use cases for LLM Security.

“Rather than relying solely on static permissions, more dynamic methods such as Context-Based Access Control (CBAC) will come into play. CBAC evaluates the context of both the request and the response, incorporating the user’s role and behavioral patterns, the specifics of the query, and the relevance and sensitivity of the retrieved data. When necessary, CBAC blocks sensitive or out-of-scope information.”


Andrew Harding, VP of Security Strategy at Menlo Security

Cyber-criminals will up the ante on browser-based attacks to deploy ransomware, targeting critical infrastructure in particular.

“Cyber-criminals will leverage browser-based attacks to deploy ransomware, targeting critical infrastructure sectors like healthcare, energy, and transportation. This shift will bypass traditional network defenses, making it easier for attackers to infiltrate systems and encrypt sensitive data. We have seen this trend developing during 2024, with about one significant confirmed browser exploit each month. To mitigate this risk, organizations must prioritize browser security, implement robust security measures, and stay updated on the latest threat intelligence.”

Insider threats will proliferate as widespread remote and hybrid work environments exacerbate risk.

“Insider threats will increasingly originate from well-intentioned users who fall victim to sophisticated targeted attacks. The persistence of widespread remote and hybrid work environments will exacerbate this risk. To combat this emerging threat, new tools and technologies will emerge to assist users, removing the burden of identifying and mitigating potential risks on their own. These tools will detect malicious activity and operate far beyond the capacity of manual human analysis.”


Devin Ertel, CISO at Menlo Security

AI Will Give Certain Security Functions a Boost

“Although there are many functions that AI can’t fully automate or take over, I predict that AI is going to start doing more of the heavy lifting when it comes to security in the coming year. Security tooling will incorporate more AI, helping with defenses that are cumbersome and leave too much room for human mistakes. Organizations will leverage AI to level out their Security Operations Centers (SOCs) so that they don’t need as many resources to run them. This also will free up time for junior security professionals to learn new skills, take on new responsibilities, and generally level up their careers.

“While overall, this trend will be highly positive for cybersecurity teams, we do need to be cautious about how we leverage AI and grant it access to sensitive data and systems. As organizations start to spin up their own AI models and engines, they need to think about how to protect them. Unsecured or unchecked AI could wreak havoc on organizations. For example, chatbots such as Google’s Gemini are powerful tools, but we need to be cognizant of how it touches sensitive customer or employee data. Whether using a tool like Gemini or a propriety internally-built model, security leaders will need to rethink their approach to access privileges in the context of AI tools in 2025.”

Attacks Incorporating Deepfakes Will Have CISOs on High Alert

“Deepfakes are an emerging threat that CISOs will need to keep on their radar. Last month, the CEO of cloud security company Wiz announced that his employees were being targeted by sophisticated deepfakes mimicking his voice. Executives who have many public speaking engagements and a more public presence are easier to target because their voices and likenesses can be tracked down by hackers looking to create a deepfake. Threat actors are continuously developing new ways to weaponize AI, including creating and selling highly sophisticated phishing kits available on the Dark Web. It is only a matter of time before these kits will include more sophisticated tactics, including deepfakes, and we will see more of these attacks in 2025.”

Seth Spergel, Managing Partner at Merlin Ventures

The Best Use Cases for AI will be Blended With Humans

“As a VC firm specializing in cybersecurity innovation, we (like every VC in every segment) have observed a huge influx in startups touting AI technology–to varying levels of success. It’s easy to get lost in a sea of undifferentiated solutions touting AI as a cybersecurity panacea.  Instead, we look for companies that have a clear vision and use case for how AI can help make humans more effective, productive, and/or efficient and are poised to make a meaningful contribution to the cybersecurity community.

“When considering AI innovations, I like to use the Iron Man analogy. On its own, Iron Man’s suit has some pretty cool functions. But to truly have an impact, the suit needs Tony Stark inside. He’s the one with the vision of what needs to be accomplished and how. Today, our best AI models still need human oversight and input, but together, AI and humans can accomplish far more than they could on their own. AI technology can significantly offset the burden on humans when it comes to more mundane tasks like data cleansing and basic correlation, freeing up skilled operators to tackle higher-value projects while making more informed decisions.

“In a sense, AI is helping to scale humans and help them reach new levels of productivity and ingenuity. One example of the type of cybersecurity technology that is leveraging AI in meaningful ways is Tamnoon’s human/AI hybrid cloud management and remediation platform, which is significantly changing the equation on the number of FTEs required to successfully manage cloud security environments. Tamnoon is not only reducing the number of humans needed to do the work, but it is also allowing those few humans who are doing the work to be far more effective than operators working without such an AI platform will ever be.

“For truly rabid Marvel fans, you may recall that at one point, the Iron Man armor technology ‘became so sophisticated that it gained sentience and malevolence.’ Feel free to draw your own analogies between that tidbit and the path we’re on with AI–but I’ll at least say I’m not including that in my predictions of what to expect in the next 12 months.”


Jeremy Ventura, Field CISO at Myriad360

Cybersecurity Workforce Challenges Will Persist

“The talent gap in cybersecurity will remain a pressing issue in 2025, with organizations struggling to find and retain skilled professionals. As threats continue to evolve in sophistication, companies will need to prioritize upskilling existing teams, leverage automation and AI, and explore alternative talent pipelines to mitigate workforce shortages.”

The Evolving Role of the CISO

“In 2025, the role of the Chief Information Security Officer (CISO) will extend far beyond just technical skills, emphasizing people skills, business acumen, and financial knowledge. As security increasingly becomes a business enabler, CISOs will need to communicate risk in terms of business and revenue impact, fostering collaboration with leadership to drive informed decision-making.”


Mike Arrowsmith, Chief Trust Officer at NinjaOne

Ransomware will continue to target legacy systems to maximize ROI.

“Legacy industries and organizations that have been around for decades and are responsible for managing a unique blend of hardware and software across continents—think airlines, railways, energy production, and the like—will be a top target for ransomware attackers in 2025. These organizations move large sums of revenue, and their systems generally aren’t the most modern. Also, due to the sheer size of the business, they typically have smaller IT teams in-house and employ more outside services and third-party partners to help maintain those systems. This exposes them to more methods of attack, which bad actors are increasingly taking advantage of to secure massive paydays.

“As ransomware attackers become even more creative and targeted (thanks to AI), having a good backup system in place will be critical for success. If organizations—legacy or otherwise—don’t have the means to restore to a good-known state before a malicious payload was distributed to the systems in question, they’ll find themselves paying hefty ransoms more often than not.”

Weaponized AI will be the biggest security concern in 2025 – and IT teams will be hit hardest.

“The biggest security threat we’re seeing is the continual evolution of AI. It’s getting really good at content creation and creating false imagery (i.e., deepfakes), and as AI gets better at data attribution, it will become even more difficult for organizations to distinguish between real and malicious personas. Because of this, AI-based attacks will focus more on targeting individuals in 2025. Most of all, IT teams will be hit hardest due to the keys they possess and the sensitive information they have access to. Most AI-based attacks will target individuals to solicit access and money, and IT organizations need to ensure they’re prepared, educating staff, and shoring up defenses accordingly.

“The best way to reign in AI risks is with more employee training. People have to know what to look out for, especially as AI technology evolves. In general, you can’t do enough cyber awareness training. It’s very real—even beyond AI, there are a ton of ways to compromise an individual system or information, and I think the more that we can educate people rather than try to curtail the technology, the better.”


Paul Laudanski, Director of Security Research at Onapsis

New year, same vulnerabilities

“The threat landscape is only getting bigger; the vulnerabilities security teams are facing are the same ones we continue to see every year. Organizations are still not prioritizing securing their business-critical applications and, therefore, often end up in the same situations. Vulnerabilities, old and new, are continuously being leveraged to get through the Internet of Things devices, firewalls, and VPNs. Once threat actors enter an organization’s systems, they go after the most valuable information, which is stored in business-critical applications.

“If nothing changes in 2025, companies will continue to battle these typical, preventable vulnerabilities and put their customer’s data at great risk. When crafting goals for 2025, leaders need to evaluate where security is on their priority list and how they can best combat these threats.”


Balaji Ganesan, co-founder and CEO of Privacera

“As we enter 2025, the urgency to fortify foundational data security becomes even more pronounced. With the evolution of AI technologies, organizations must prioritize data security significantly. A risk-based approach, which involves identifying data, its location, access permissions, and potential vulnerabilities, remains critical to maintaining security in complex data environments. The statistics from 2023 and 2024 serve as a stark reminder of the consequences of data breaches, with the United States facing 3,205 data breaches that exposed over 353 million individuals and reporting the highest average cost of a data breach globally at $9.36 million (IBM: Cost of a Data Breach Report 2024).

“In a rapidly evolving digital world, our greatest defense is precision and deep awareness of where data resides and how it moves. The exponential pace of AI adoption has amplified opportunities and threats, demanding organizations go beyond conventional data protection strategies. To remain resilient, leaders must view data security not merely as a compliance requirement but as a continuous, adaptive process that builds trust and safeguards innovation.”


Itamar Golan, Co-Founder and CEO at Prompt Security

Regulatory Environment

“The regulatory landscape for AI is developing along divergent paths globally. The European Union is taking a risk-based approach to AI through the EU AI Act, implementing comprehensive regulatory frameworks. In contrast, I expect the United States to adopt a more permissive approach under potential libertarian economic policies, allowing for greater flexibility in AI development and deployment, emphasizing national security and economic competition with China.”


Rahul Powar, Founder and CEO at Red Sift

“In 2025, we expect Microsoft will follow suit with Google and Yahoo’s stringent bulk sender email authentication requirements, creating a unified front among major email providers. This means implementing the basics of email security standards such as DMARC, SPF, and DKIM are no longer optional, but are vital protocols for every business moving forward. Bulk sender requirements are very much just the stepping stone towards enforcement, and it is essential that businesses implement effective tools to stay ahead of new regulations rather than being left to catch up.

“Take, for example, the rapid increase in sophisticated attacks in 2024—such as the SubdoMailing threat—bypassing reliant security measures like DMARC. This new method allowed bad actors to mount phishing campaigns and distribute malware through poor DNS hygiene and is a continued problem for known brands. Accessed through passive DNS records, this type of threat is already one step ahead of security standards brought in under bulk sender requirements, so how can businesses stay protected?

“The key in 2025 will be enabling full visibility over an organization’s digital estate; one example in the case of SubdoMailing is having a clear overview of all your domains and subdomains, auditing, and taking action against compromised records to prevent future attacks. Only by implementing the best email security solutions can businesses ensure they are doing everything they can to prevent costly and damaging threats. Those who fail to adapt can not ensure for certain that they are in full control, creating significant risks to their brand integrity and customer trust.”


Cynthia Overby, Director of Security at Rocket Software

“Over 50 percent of CISOs will start using AI and Machine Learning (ML) in security software solutions in 2025 as they believe generative AI will fill security skills gaps and are also excited about the possibility that it can strengthen cyber defense. Certain AI tools and technologies are viable to meet these requirements, but the term ‘AI-enabled’ is, in most cases, marketing hype. This may lead to negative connotations that could hurt security products that are truly AI-enabled.”

Attackers will significantly impact global business systems and operations.

“Insurance and financial systems will continue to be focal points for attacks, but in 2025, we can expect critical infrastructure operations and corporate data to become a higher priority for nation-state threat actors. These attacks will no longer focus on Ransomware using forward-facing web applications but instead on power grids and corporate data stored on critical hardware. The lack of knowledgeable resources to manage security across an enterprise and the lack of understanding and maturity around critical infrastructure vulnerability management within the C-level community will make for easy targets.”


Eric Schwake, Director of Cybersecurity Strategy at Salt Security

“In 2025, the cybersecurity landscape will continue to evolve rapidly, with a growing focus on API security. As APIs become essential to business operations and digital transformation efforts, they will likely become prime targets for attackers. We anticipate a rise in sophisticated API attacks using automation, artificial intelligence, and advanced evasion techniques to exploit vulnerabilities and bypass traditional security measures. One significant risk will stem from the exploitation of API misconfigurations, which often occur due to the fast pace of development and deployment. This situation will challenge organizations to adopt a more proactive and comprehensive approach to API security.

“To stay competitive, businesses must prioritize API security, recognizing that APIs have become crucial IT assets requiring the same scrutiny and protection as any other valuable resource. This involves implementing robust API posture governance to ensure consistent security configurations and reduce vulnerabilities to lower risk. AI-powered API security solutions, particularly those with strong behavioral threat detection capabilities, are essential for identifying and responding to sophisticated threats in real-time. These solutions can analyze vast amounts of API traffic and highlight genuinely malicious activities within the overwhelming amount of anomalous traffic that might otherwise go unnoticed. By proactively addressing API security challenges, businesses can safeguard their critical assets and ensure the ongoing success of their digital initiatives in the face of evolving threats.”


Avani Desai, CEO of Schellman

AI-Driven Cyber Threats on the Rise

“The biggest cyber threats in 2025 will stem from increasingly sophisticated, AI-driven attacks. As AI evolves at breakneck speed, attackers are deploying machine learning models that adapt, disguise themselves, and evade traditional defenses in real-time. This creates a constant race between defensive and offensive AI technologies, making it harder to detect and combat cyber threats.”

Emergence of Autonomous Malware 

“One under-the-radar development is the rise of autonomous malware. Unlike traditional malware, this next generation can operate independently, learning to bypass security measures as it moves through systems. These self-sustaining attacks refine themselves at each step, presenting a profound challenge for cybersecurity defenses. Few are prepared for this shift, but it has the potential to reshape the entire cybersecurity landscape.”


Pieter Danhieux, co-founder and CEO of Secure Code Warrior

Understanding Shifts in the Regulatory Landscape

“The critical infrastructure industry has, at least in the United States, the UK, and Australia, seen some specific recommendations around how digital risk is managed, and in this age of high tensions in multiple regions, as well as a significant increase in Nation-sponsored cyber-attacks, these trends show no signs of ceasing in 2025, and this vertical in particular will be hit hard. I expect to see more legislative changes in this area very soon, and across other sectors. With NIS2 and the Cyber Resilience Act just being introduced in Europe, we’ll be shortly seeing that any connected consumer product will face much greater scrutiny, especially in terms of Secure-by-Design and software weaknesses.

“This is likely to result in vendors who can prove compliance with specific security mandates and adhere to government-informed guidelines and best practices being viewed as more trustworthy and desirable to partner with, as opposed to those who take these initiatives less seriously. It may also result in their internal security culture changing to adopt more enforced secure development practices overall.”

AI Tools’ Security Standing Will be a Key Measurement for Developers

“Right now, it’s a free-for-all market in terms of LLM-powered coding tools. New additions are popping up all the time, each boasting better output, security, and productivity. As we head into 2025, we need a standard by which each AI tool can be benchmarked and assessed for its security standing. This includes coding capabilities, namely its ability to generate code with good, safe coding patterns that cannot be exploited by threat actors.”


Lou Fiorello, VP and GM of Security Products at ServiceNow

“In 2025, GenAI will reshape the way security teams operate, moving beyond task automation to providing actionable insights that enhance decision-making. This will reduce burnout from manual, repetitive work and allow teams to focus on proactive threat management. As attack sophistication grows, GenAI will serve as a key enabler for faster response times and a stronger, more adaptive security posture.

Additionally, the rapid growth of attack surfaces—from on-premise to the cloud, APIs, operational technology, and more—will push organizations toward unified platforms. These platforms will provide a single source of truth across all environments, enabling businesses to identify risks more clearly and manage them more effectively. In 2025, platforms that integrate vulnerability management with enterprise data foundations, such as CMDBs, will become essential for maintaining end-to-end visibility and control.”


Chen Burshan, CEO of Skyhawk Security

Security teams will need to invest in increased AI automation to stop threats at machine speed.

“The highly publicized cybersecurity skills gap and overwhelming workload mean security teams MUST use automation to have a chance at securing their cloud. However, how can they be sure that alerts that are flagged REALLY pose a risk to their cloud environments and that automation won’t impact production by increasing false positives? This is where an AI-based rehearsal is going to be imperative (in the new year and beyond) to move forward with leveraging automation. We expect to see increased adoption of AI-based simulation twins, which simulate threats to determine whether they have the potential to reach critical business assets. This will increase confidence in the SOC. These AI tools will also rehearse automated responses to increase cloud threat detection and response (CDR) efficiency. Automation can also respond at machine speed, much faster than the SOC analyst.”

Security teams will need to invest in increased automation to stop threats at machine speed.

“The skills gap and overwhelming workload mean security teams MUST use automation in order to have a chance at securing their cloud. However, how can they be sure that the alert is really an alert and that the automation will not impact production? This is where an AI-based rehearsal is going to be imperative in order to move forward with leveraging automation. An AI-based simulation twin simulates the threat, so the SOC knows it is, in fact, a threat, and the automated response is also rehearsed, ensuring this response stops the threat and does not impact production. Automation can also respond at machine speed, much faster than the SOC analyst.”


Ravi Bindra, CISO of SoftwareOne

Evolving CISO role

“The role of the Chief Information Security Officer (CISO) has been rewritten in the past years.  CISOs once worked in a siloed fashion without a seat at the boardroom table. Today, however, they are the bridge between the C-Suite and the entire company, charged with delivering cybersecurity resilience.  In 2025, CISOs can expect their role and responsibilities to keep expanding as enterprise risks grow in both numbers and complexity. Next year, cyber-crime is expected to cost $10.5 trillion a year globally, a staggering figure that explains why the CISO’s role has shifted from tactical to strategic with a need to firmly align cybersecurity solutions with business goals.

“Furthermore, with Gartner forecasts showing that by 2026, over 50 percent of C-Suite executives will have cyber risk performance requirements included in their contracts, it’s clear that the CISO’s role will shift again to accommodate new levels of collaboration to ensure accurate business-wide reporting. In addition to hands-on security duties, regulatory changes such as those from the Securities and Exchange Commission in the US and others globally will occupy even more of the CISO’s time.

“Balancing daily security operational demands with heftier reporting requirements will be an added burden, meaning CISOs will need to think strategically in order to collaborate effectively with business leaders while ensuring they have invested in the best detection and response capabilities to keep pace with threats. 2025 will see CISOs work even more strategically to ensure their time, investments, and effort are keeping pace with endless developments.”


Chris Ortbals, Chief Product Officer at Tangoe

Mobile and SaaS Environments Will Face Heightened Security Threats

“AI and quantum-powered attacks will target mobile devices and SaaS platforms, exploiting gaps in endpoint security and third-party integrations. Social engineering attacks, AI-enhanced phishing, and deepfake scams will exploit mobile vulnerabilities and unsecured third-party APIs. Organizations that prioritize endpoint security and SaaS control will be better positioned to protect their assets and maintain client trust.

“Implement Unified Endpoint Management (UEM) and strict SaaS monitoring policies. Audit user access regularly, ensuring former employees and third-party providers have no residual permissions. 2025 will be a pivotal year for AI, with enterprises embracing its transformative potential while navigating financial, ethical, and security risks. By adopting forward-thinking strategies—such as robust cost management, quantum-safe cryptography, and comprehensive AI governance frameworks—IT leaders can ensure sustainable innovation and a competitive edge in the AI-driven future.”


Ratan Tipirneni, President and CEO at Tigera

Open Source LLM vs. Subscription-Based: Who Will Win in 2025?

“Meta changed the rules of the Large Language Model (LLM) game by open-sourcing their model, Llama. Now, Meta is on track to have the most widely deployed chatbot in the world by the end of the calendar year 2024, despite OpenAI’s initial leadership with ChatGPT.

“As the GenAI race heats up and more native artificial intelligence Independent Software Vendors (ISVs) emerge, open-source models will continue experiencing exponential growth. ISVs will adopt an open-source model like Llama instead of building on top of a model with a licensing fee involved. Ecosystems will form around open-source LLMs, and they will gain critical mass.”


Mark Wojtasiak, Vice President of Product Marketing at Vectra AI

Disillusionment Around AI’s Promise in Cybersecurity Will Push Vendors to Focus on Demonstrating Value

“In the coming year, we’ll see the initial excitement that surrounded AI’s potential in cybersecurity start to give way due to a growing sense of disillusionment among security leaders. While AI adoption is on the rise–89 percent plan to use more AI tools in the coming year–there is still cautious optimism within the industry. Many practitioners worry that adding more AI tools could create more work, and as a result, vendors will need to focus on demonstrating value and proving ROI. Vendors will no longer be able to rely on generic promises of ‘AI-driven security’ to make sales. Instead, they will need to demonstrate tangible outcomes, such as reduced time to detect threats, improved signal accuracy, or measurable reductions around time spent chasing alerts and managing tools.”


Chris Wysopal, the Chief Security Evangelist and Founder of Veracode

GenAI-driven Coding Will Saddle Organizations with More Security Debt

“As AI-fueled code velocity increases, the number of vulnerabilities and level of critical security debt will also grow. With more code created at a rapid pace, developers will become inundated with compliance risks, security alerts, and quality issues. Identifying a solution to help will be key. As security debt grows, so too will the demand for automated security remediation, however using GenAI to write code is still two years ahead of using the same technology for security hardening and remediation. This is why, in 2025, we can expect a rapid increase in the adoption of AI-powered remediation to fix vulnerabilities faster and materially reduce security debt.”


Ben Kliger, CEO and co-founder of Zenity

The rise of Agentic AI will require a rethinking of security strategy 

“Generative AI is quickly moving beyond the capabilities of consumer-first tools like ChatGPT into Agentic AI for the enterprise. AI agents are designed to process information in a new way to make dynamic and autonomous decisions. However, organizations looking to leverage the promise of Agentic AI need to be wary of the security ramifications. They can do so by going beyond analyzing prompts and responses by monitoring and profiling how each AI Agent operates behind the scenes. Given the widespread access these Agents have to sensitive information, this holistic approach can prevent direct and indirect prompt injection attacks, as well as help to manage data leakage risks. Staying secure amid new threats will require security teams to work with the business not as a blocker but as an enabler. ”


Nicolás Chiaraviglio, the Chief Scientist at Zimperium

Mobile Security Platforms Will Increasingly Address Data Privacy Concerns, Not Just Security

“Mobile security plays a crucial role in addressing the needs of data privacy. However, we often see mobile security through the lens of threat defense and application security. However, regulatory compliance is a key piece of the mobile security function. I predict that in 2025, we will see mobile security prioritizing data privacy needs by implementing robust privacy-preserving technologies. According to Zimperium’s 2024 Global Mobile Threat Report, 82 percent of organizations allow bringing your own device (BYOD) to work. A recent survey from Tableau found that 63 percent of Internet users believe most companies aren’t transparent about how their data is used, and 48 percent have stopped shopping with a company because of privacy concerns.

“We will likely see more regulatory compliance baked into mobile security solutions, particularly around data handling and encryption standards. We are already seeing regulatory shifts in the financial sector, holding app developers accountable for any harm to their end-users due to external attacks. Businesses are recognizing that regulatory compliance features are a necessary piece of the mobile security stack, and they are seeking mobile security platforms that address both privacy and security needs.”


Share This

Related Posts