2025 Cybersecurity Predictions Roundup
December 2024 by cyber security experts
Various cybersecurity professionals share their top industry predictions for 2025:
Nicole Carignan, Vice President of Strategic Cyber AI at Darktrace:
The year of AI agents and multi-agent systems: A challenge for cyber professionals, and an opportunity for threat actors
If 2023 was the year of generative AI and 2024 was the year of AI agents, 2025 is set to be the year of multi-agent systems (or “agent swarms”). That means we’ll see increasing use cases across businesses where teams of autonomous AI agents are working together to tackle more complex tasks than a single AI agent could alone. However, the rise of multi-agent systems, particularly in cybersecurity, is a double-edged sword.
The rising use of multi-agent systems will introduce new attack vectors and vulnerabilities that could be exploited if they aren’t secured properly from the start. Attacks that we see today impacting single agent systems, such as data poisoning, prompt injection, or social engineering to influence agent behavior, could all be vulnerabilities within a multi-agent system, with even wider reaching impacts and harms because of the increasing volume of connection points and interfaces. Agents can discover other agents and communicate, collaborate and interact. Without clear and distinct communication boundaries and explicit permissions, this can be a huge risk to data privacy as well as influence actionable agents (which is a security concern). These are not issues that traditional application testing alone can address.
Moreover, the stakes for these systems will be extremely high. Multi-agent systems are poised to make AI tools even more useful and productive for consumers, and as they increase adoption for critical daily tasks such as managing household finances, these systems will contain increasingly sensitive and valuable data.
That’s why robust security measures and data guardrails are required at the start to prevent these systems from being exploited and running amok.
Marcus Fowler, CEO, Darktrace Federal:
Insider threat risks will force organizations to evolve zero trust strategies
In 2025, an increasingly volatile geopolitical situation and the intensity of the AI race will make insider threats an even bigger risk for businesses, forcing organizations to expand zero trust strategies. The traditional zero-trust model ensures protection from external threats to an organization’s network by requiring continuous verification of the devices and users attempting to access critical business systems, services, and information from multiple sources. However, as we have seen in the likes of Snowden, or the more recent Jack Teixeira case, malicious actors can still do significant damage to an organization within their approved and authenticated boundary.
To circumvent the remaining security gaps in a zero-trust architecture and mitigate increasing risk of insider threats, organizations will need to integrate a behavioral understanding dimension to their zero trust approaches. The zero trust best practice of ‘Never Trust, Always Verify’ will evolve to become ‘Never Trust, Always Verify, Continuously Monitor.’
Derek Manky, Chief Security Strategist and Global VP of Threat Intelligence at Fortinet:
Playbooks Grow to Include Real-Life Threats
Cybercriminals continually advance their playbooks, with attacks becoming more aggressive and destructive. We predict that adversaries will expand their playbooks to combine cyberattacks with physical, real-life threats. We’re already seeing some cybercrime groups physically threaten an organization’s executives and employees in some instances and anticipate that this will become a regular part of many playbooks. We also anticipate that transnational crime—such as drug trafficking, smuggling people or goods, and more—will become a regular component of more sophisticated playbooks, with cybercrime groups and transnational crime organizations working together.
Alex Quilici, CEO of YouMail:
Personalized Extortion Scams Will Become a Growing Threat
The rise of personalized extortion scams, where cybercriminals research their victims using publicly available information, will redefine social engineering attacks. These schemes will use family names, relationships, or past events to create tailored threats, such as claims of unpaid debts or fabricated legal issues, pressuring victims into immediate payment via cryptocurrency. As cybercriminals adopt increasingly sophisticated techniques to exploit personal data, individuals and organizations must strengthen digital hygiene and educate themselves on recognizing and responding to these high-pressure, emotionally charged scams.
Rom Carmel, CEO & Co-Founder, Apono:
Deepfake-based Identity Fraud will Become More Common
Deepfake-based identity fraud is rapidly evolving, with attackers leveraging highly sophisticated AI-generated media to convincingly impersonate high-level executives and trusted individuals. This new wave of social engineering attacks can easily bypass traditional verification methods like video calls or biometric authentication, leading to unauthorized access to sensitive systems and accounts. The consequences are severe: organizations face significant financial losses and reputational damage, while individuals suffer from privacy violations and the misuse of their likeness. Implementing advanced cloud access management can help mitigate these risks by ensuring that only verified identities gain access to critical systems.
Cyber Criminals will Develop More Successful Zero Trust Evasion Techniques
As organizations increasingly adopt zero-trust models for identity security, cybercriminals will develop more sophisticated techniques to evade these defenses. Attackers may exploit gaps in network segmentation, misconfigurations in identity policies, or use AI to mimic behavior patterns and avoid detection. This evolution in tactics will lead to more sophisticated and harder-to-detect attacks, potentially compromising sensitive systems even within a zero-trust framework. To counter these threats, organizations must adopt more mature zero-trust architectures that effectively limit both vertical and lateral movement after a breach. Strengthening zero-trust access controls is essential to adapt to evolving threats and ensure comprehensive protection across all network layers.
Dana Simberkoff, Chief Risk, Privacy and Information Security Officer at AvePoint:
The regulatory landscape for cybersecurity is at an interesting inflection point. While we’re seeing potential shifts toward deregulation in the US, Europe continues to take a stronger stance on American companies through mechanisms like GDPR. The interplay between these approaches will be fascinating to watch.
We’re also witnessing the rise of a ‘data sovereignty first’ mentality in cybersecurity and privacy laws. While this trend toward regional and national-specific regulations may seem at odds with our globally interconnected world, I expect we’ll see more countries implementing their own protectionist data sovereignty frameworks.
AI represents both our biggest opportunity and challenge from a security perspective. As organizations mainstream AI models into everyday operations, its accessibility increases for both legitimate and malicious uses. Security teams must stay several steps ahead - not just of bad actors, but also of well-meaning insiders who might inadvertently create vulnerabilities. Understanding data flows and information governance - principles AvePoint has championed for over 20 years - becomes more critical than ever.
For companies like AvePoint, this creates a perfect storm of opportunity and responsibility. We’re seeing organizations rush to deploy AI technology before establishing proper security frameworks. This haste could lead to significant data breaches and security missteps. The message is clear: companies need to build their security foundation now if they want to effectively harness AI’s potential.
Danny Brickman, CEO and Co-Founder of Oasis Security:
Prediction #1: Compliance Requirements Will Drive Non-Human Identity Management in Highly-Regulated Industries
While every organization requires a solution to manage and secure its non-human identities (NHIs), in highly-regulated industries, the need for a dedicated NHI management solution is paramount. Financial institutions, for example, have access to vast amounts of sensitive data, and as such are highly regulated and frequently audited.
Payment Card Industry Data Security Standard (PCI DSS) 4.0 is rapidly approaching, and the revised guidelines place significant emphasis on managing NHIs, particularly system and application accounts with elevated privileges. With this, financial institutions will face increased scrutiny from auditors regarding the robustness of their NHI management practices. PCI DSS 4.0 requirements such as Requirement 7 (restricting access based on business needs and least privilege) and Requirement 8.6 (managing accounts with interactive login capabilities) highlight the need for comprehensive strategies to manage NHIs effectively.
As NHIs proliferate, financial institutions risk security breaches and regulatory penalties if they fail to adopt a robust strategy for NHI management. Organizations must begin addressing these challenges now, especially with mandatory PCI DSS 4.0 compliance coming in 2025, to ensure they meet evolving compliance standards and enhance their security posture.
Prediction #2: AI Adoption Will Lead to More Non-Human Identity Risk
AI adoption is creating new challenges when it comes to non-human identity management and security. A growing trend, termed "LLMJacking," involves threat actors targeting machine identities with access to Large Language Models (LLMs), and either abusing this access themselves, or selling it to third parties. This threat will escalate in the year ahead, amplifying the need for robust non-human identity security measures.
Prediction #3: In 2025, Cybersecurity Personnel Will Need A Hybrid Skill Set
The cybersecurity field will increasingly demand professionals who combine technical expertise with a strong understanding of business objectives. As the threat landscape grows more complex, organizations will prioritize candidates with a hybrid skill set—deep cybersecurity knowledge paired with expertise in risk management and regulatory compliance. This shift will be driven by the need for cybersecurity to be seamlessly integrated into broader enterprise strategies, shifting away from a siloed approach to one that aligns directly with overall business goals.
Tony Aurigemma, Chief Revenue Officer at Anomali:
In 2025, we’ll see a fundamental shift in how organizations approach cyber resilience. The traditional CISO role will evolve beyond security operations into a true risk executive position, as companies finally realize that their recovery capabilities are more critical than their prevention strategies. The hard truth is that most enterprises can’t actually execute their theoretical 24-48 hour recovery time objectives, especially across hundreds of interconnected systems. Technical debt and untested recovery processes will force more organizations to rebuild their resilience programs from the ground up, with CISOs leading this transformation. Those who don’t adapt will face months-long recovery periods that no modern business can survive.
2025 will also mark the breaking point for the traditional SOC model. Most security operations today are running on decade-old foundations - a maze of complex tools, overwhelmed analysts, and manual processes that just can’t scale. What’s coming is the first real transformation of the SOC we’ve seen in years. AI won’t just be another tool in the stack; it’s going to fundamentally change how teams operate, enabling analysts to work in their native languages and finally breaking free from the specialized systems that are bogging everyone down. Organizations that cling to their legacy SOC architecture will quickly find themselves unable to compete for talent or keep pace with threats. The market is ready for this shift - it has to be AI-driven, and it’s happening now.