As AI becomes a dominant force in both cyberattacks and defenses, the cybersecurity landscape of 2025 will be marked by unprecedented challenges and opportunities. Attackers are expanding their use of AI across the kill chain, weaponizing zero-day vulnerabilities and targeting critical verticals with increasingly sophisticated strategies. Meanwhile, defenders are leaning on advanced AI technologies like deep learning (DL) to shift from reactive detection to proactive prevention. Experts from Deep Instinct outline the critical trends shaping this evolving battle and the innovations needed to counteract AI-driven threats. Carl Froggett, CIO, Deep Instinct
In 2025 we’ll see increased use of AI by attackers.
Bad actors will continue to leverage AI in their campaigns, building on its success in sophisticated phishing attacks—their primary use case to date. However, they will refine and expand AI’s role across the entire kill chain. This will enhance the sophistication of their malware and ransomware, while increasing the speed and uniqueness of their attacks.
AI’s potential to identify and weaponize zero-day vulnerabilities will bring bad actors closer to an end-to-end, AI-driven attack process. Supply chain attacks, particularly through cloud and SaaS services, will remain a critical avenue for exploitation. Many third parties inadvertently expose the attack surface of organizations, increasing their susceptibility to breaches. Even correctly configured systems will be at risk due to zero-day vulnerabilities. While a fully automated kill chain is unlikely to materialize by 2025, AI is undeniably effective in these scenarios.
As a result, the concerning trends we saw in 2024—rising breaches, higher ransomware payments, increased data loss, and more zero-day vulnerabilities—will worsen. Bad actors are not deterred from targeting critical verticals such as healthcare, local governments, and national infrastructure. These sectors remain vulnerable due to outdated, less resilient cybersecurity technologies and the prohibitive costs or disruptions involved in upgrading their defenses.
A new frontier in this battle may emerge as attackers exploit a growing weak point: employees' home environments. Many home internet networks, routers, and connected devices are plagued by zero-day vulnerabilities that vendors often fail to patch promptly—if at all. Even when patches are available, they are rarely installed automatically, leaving these systems exposed to exploitation.
AI in cyber defenses will continue to be leveraged in 2025.
AI will continue to play a pivotal role in cyber defenses, particularly in “detect and respond” strategies. However, as the statistics from 2024 clearly demonstrate, these approaches are increasingly being overwhelmed. This has led to a growing demand for AI-driven prevention methods that can stop attacks before they begin—an essential shift as disruptions to businesses and critical infrastructure become increasingly unacceptable and apparent. However, not all AI is created equal, and for organizations to truly predict and prevent such sophisticated attacks, a more advanced form of AI, deep learning (DL), is critical.
In the new year, I foresee that DL will be essential in countering the surge of AI-driven attacks that are outpacing the capabilities of traditional security tools. Furthermore, the increasing sophistication of cyber threats will amplify the need for "prevention everywhere" strategies, prioritizing proactive measures that stop attacks before they can penetrate, regardless of where they occur within the expanding digital landscape. By analyzing vast datasets and identifying subtle patterns, DL can learn to detect and respond to previously unseen threats. Its ability to infer patterns from incomplete data and predict malicious behavior makes it uniquely equipped to counter the rapid innovation cycles of AI-driven attacks, positioning it as the cornerstone of next-generation cyber defenses.
Yariv Fishman, Chief Product Officer, Deep Instinct
In 2025 we’ll see increased demand for proactive defense strategies amid escalating AI-driven cyber threats.
Organizations will face a surge of sophisticated AI-driven threats, fueled by the rise of weaponized large language models (LLMs), dubbed DarkAI. These advanced attacks will challenge existing detection methods, enabling threat actors to bypass legacy cybersecurity tools with greater precision and scale.
Meanwhile, the "assume breach" mentality will fall to the wayside as businesses shift towards a prevention-first cybersecurity strategy powered by advanced AI and deep learning. This approach, called Zero-Day Data Security (ZDDS), treats all incoming files as if they contain unknown, never-before-seen malware and doesn’t allow files into secure network zones until they are determined to be benign. This modern approach will enable organizations to significantly strengthen their security posture against evolving cyber threats.
2025 will be the year of investing in real-time explainability technology.
In a world unprepared for unknown threats, security analysts often struggle to determine whether an incident is a legitimate zero-day attack or just a false positive, leading to significant delays and wasted effort. This challenge is only intensifying as zero-day attacks continue to grow, fueled by bad actors leveraging generative AI to rapidly create and deploy sophisticated threats.
A critical component of this evolution is the opportunity for real-time explainability through the use of GenAI assistant tools. Unlike traditional approaches, AI-powered explainability enables cybersecurity teams to immediately grasp the nature and intent of zero-day threats. This understanding is essential for crafting targeted responses and preventing similar attacks in the future. Moreover, it provides business leaders with greater confidence in their cybersecurity posture by offering clear insights into how threats are managed and mitigated. By aligning rapid detection with actionable intelligence, organizations will create a more resilient digital environment, staying ahead in the ever-escalating battle against sophisticated cyber adversaries.