As the digital landscape evolves, so do the threats and challenges defining cybersecurity. With 2025 around the corner, ISB reached out to several experts to forecast transformative shifts in how businesses, governments, and individuals protect themselves against increasingly sophisticated cyberattacks. Information Security Buzz reached out to leading experts across the technology and cybersecurity spectrum to gain insight into what lies ahead.
Regulatory pressures, the rise of Zero Trust as a cornerstone of AI-driven enterprises, and the looming complexities of autonomous hacking, the perspectives shared offer a glimpse into a future brimming with both opportunity and risk.
We had such an overwhelming response we’ll be breaking up our 2025 cybersecurity predictions into several blogs for you to enjoy over the next few weeks. Here’s our first edition:
Lori MacVittie – Distinguished Engineer at F5
“Zero Trust in 2025 won’t just be about protecting assets; it will be about rethinking security frameworks to keep pace with the rapid technological advancements transforming the enterprise landscape.”
In 2025, Zero Trust will take center stage in cybersecurity, responding to both the rise of generative AI and the changing architecture of digital ecosystems. While generative AI has heightened the need for secure access control and protection of digital assets, the real driving force behind Zero Trust adoption will be the structural shifts resulting from AI integration.
As enterprises rapidly embrace AI-as-a-service, they urgently need to secure both inbound and outbound data requests, effectively dismantling the last vestiges of the traditional “data center perimeter.” Additionally, the growing adoption of Retrieval-Augmented Generation (RAG) patterns introduces vector databases, necessitating more granular data access control beyond traditional cybersecurity frameworks.
Zero Trust offers a robust approach to protect the expanding attack surface created by generative AI. However, implementing this framework will also require investment in adaptive security technologies like identity-based access control, continuous monitoring, and context-aware authorization. As Zero Trust evolves, enterprises must embrace solutions that integrate seamlessly with AI workloads, ensuring security policies are dynamic, data-centric, and resilient against sophisticated AI-driven threats.
Amar Singh, CEO of CM Alliance
“Criminals will still be criminals. As BTC rises, so will ransomware, which will be even more profitable and life-changing revenue for established and would-be criminals.”
Attackers are increasingly leveraging artificial intelligence, and by 2025, we can expect an even deeper integration of AI into criminal activities. The likelihood of AI being utilized in cyberattacks is rising, which could lead to significant and concerning outcomes. As AI systems may operate more indiscriminately and without a complete understanding of the repercussions of their actions, the potential for widespread disruption and damage could increase dramatically. We can also expect technological advancements and AI or techniques to combat cyber threats.
In addition, fully autonomous hacking is likely to go mainstream and may be accessible to would-be-criminals, with severe consequences.
Potential regulatory or compliance changes impacting the industry, such as DORA and other regulations, are on the horizon. I am mostly supportive, but there is already a major regulatory overhead on regulated organizations. 2025 will not lessen the load; in fact, it will increase the pressure. Given limited resources, this can often take away the focus from resilience to compliance.
Nick Franklin, Global AWS Technology Alliance Director at Fortra
“CIOs will drive deeper reviews surrounding the impact security and observability tools can have on their organization in 2025.”
In July 2024, the world’s second-largest cybersecurity ISV caused much of the globe to come to a halt due to a flaw in an update pushed to their agent. This has made plain to everyone all around the world, from my mother, who can barely use her smartphone, to CEOs to world leaders, that resiliency is as critical as ever, and CIOs can no longer allow their teams to be satisfied with the features and benefits a security product may offer. CIOs will require greater assurances they are protected from disasters inadvertently caused by the tools they use to protect and monitor their environments.
We will see this materialize in legal and contract discussions around terms and SLAs, enhanced scrutiny placed on the interaction between third-party tools and first-party systems and applications, and in deeper technical reviews, security, and observability, vendors must be prepared to address. Does your endpoint agent have kernel access? Does your SaaS application’s cross-account IAM role grant overly permissive access to your employees without business accessing end-customer information captured by your tool? These are very basic but real scenarios I’m seeing come up with an increased frequency that is just the tip of the spear of scrutiny coming to security ISVs as organizations strive to mitigate 3rd party risk to their businesses.
Hyperscalers will continue to pursue new customers aggressively. Still, I predict we’ll see an expansion of native cybersecurity capabilities these cloud providers develop and release to capture more and more customer revenue. We’re beyond the stage of the cloud, which is the new and exciting thing everyone is running to for the first time. Cloud vendors now offer hundreds of native services and solutions to customers, including security. However, in 2025 and beyond, to meet the revenue demands of their stakeholders, it seems highly likely the cloud behemoths will develop and launch a myriad of native security tools and features that promise customers the ability to secure and securely manage their data and applications from within the cloud control plane. Secondarily, we will likely see several strategic acquisitions of cutting-edge security companies by the hyperscalers themselves.
Bob Maley, Chief Security Officer at Black Kite
“As generative AI advances, prediction models will likely integrate AI more deeply. Instead of an “AI takeover,” we’ll see it supporting humans in making faster, informed security decisions. Security automation will help fill resource gaps rather than replace talent outright.”
In 2025, we expect a surge in industry-specific AI assurance frameworks to validate AI’s reliability, bias mitigation, and security. These standards will transition from “nice-to-have” guidance to critical requirements for organizations operating in regulated industries like finance, healthcare, and critical infrastructure. The regulatory environment will push companies to establish formal AI governance programs that can provide verifiable evidence of fair, safe, and transparent AI operations, emphasizing accountability from design to deployment.
Concretely, organizations will face pressure to adopt independent, third-party audits for AI systems to verify compliance with emerging regulations. Consider it as SOC 2 for AI—standardized audits will cover security, bias, ethics, and operational transparency, creating a new branch of compliance-driven “AI Assurance” that vendors must demonstrate in their third-party risk assessments. This push toward standardization will address the trust deficit in AI, making “AI assurance” a board-level conversation.
Karan Bhagat, Field CTO at Myriad360
“As businesses build and expand their data lakes (vast storage repositories for raw, unstructured data), the complexity of managing and securing these assets will also grow.”
The development of high-speed networking infrastructures for High-Performance Computing (HPC) and GPU clusters will grow strongly, particularly as AI ‘factories’ are developed in private and public cloud environments.
The increasing reliance on data-driven technologies like AI will drive greater emphasis on cybersecurity to protect critical business assets. AI will help organizations extract value from data lakes, but AI systems are vulnerable to manipulation and exploitation, making cybersecurity an even more pressing concern.
In terms of data governance, ensuring that data is accessible, usable, and secure- will become a fundamental aspect of managing large-scale data lakes, with security policies that govern access, usage, and compliance becoming more complex.
We will see an uptick in new technology storage vendors developing advanced storage fabrics for private and public clouds to address low latency, load balancing, and asynchronous data streaming. The model should get the data it needs quickly to avoid bottlenecks. Any delay in data serving can slow down the entire training process, so low-latency data pipelines and caching systems are critical. Also, as requests from GPUs scale, data retrieval systems must balance the load effectively to avoid hotspots where specific nodes become overloaded, and while training, models often require a continuous stream of data to avoid waiting.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.