Industry executives and experts share their predictions for 2025. Read them in this 17th annual VMblog.com series exclusive. By Steve Povolny is Director of Security Research at Exabeam and
Co-founder of TEN18.
A distinguished cybersecurity leader with more than 15 years of
experience leading global specialists of security researchers, data scientists,
and developers, he brings diverse technical expertise and is an effective
people leader with a track record of building high-performing teams. Povolny
has a deep understanding of the latest developments in cybersecurity and is a
frequent subject matter expert for the media. As a regular speaker at industry
conferences, Povolny often shares insights on emerging trends, attack surfaces,
and cutting-edge vulnerability and malware research.
In his roles at Exabeam and TEN18, Povolny and team have a singular
focus: integrating world-class research into the industry's top cybersecurity
solutions to disrupt cybercrime and defend customers' critical assets.
In this article, Povolny explores the transformative impact of emerging
technologies on the cybersecurity landscape. He highlights how Generative AI
(GenAI) will democratize malware creation, enabling a new wave of
cybercriminals to deploy sophisticated attacks without coding expertise.
Povolny introduces the concept of "Zero Trust for AI," a critical framework for
mitigating risks associated with AI-generated outputs by emphasizing
validation, verification, and human oversight. Additionally, he examines the
rising threat of deepfakes, which will elevate social engineering attacks to
unprecedented levels, challenging organizations to rethink identity
verification and fraud prevention in an era of hyper-realistic deception.
AI Will Democratize Malware Creation, Opening the Door for a New Class
of Cybercriminals
You won't need to be a coder to create sophisticated malware in 2025-AI
will do it for you. Generative AI models trained specifically to generate
malicious code will emerge in underground markets, making it possible for
anyone with access to deploy ransomware, spyware and other types of malware with little effort. These
"hacker-in-a-box" tools will automate everything from writing to
deploying attacks, democratizing cybercrime and increasing the volume and
diversity of threats.
"Zero Trust for AI" Will Begin to Emerge as a Key Security Conversation
AI can be a powerful ally in security, but it also introduces new
risks-especially when users place unchecked confidence in its results. Blindly
trusting AI-generated outputs will become a major vulnerability for
organizations. This will lead to the rise of a new cybersecurity mandate: "Zero
Trust for AI." Unlike traditional Zero Trust principles, Zero Trust for AI is
not a prediction for the future; it's a concept ready for discussion now,
bringing a nuanced approach to trusting AI. This framework will require
organizations to verify, validate and fact-check AI outputs before allowing
them to drive critical security decisions. This shift will encourage security
teams to roll out trust incrementally, allowing for a more controlled and
secure integration of AI. Human oversight will become a non-negotiable
component of AI deployments within security environments.
Deepfakes Will Unleash a Devastating New Wave of Social Engineering
Attacks
No longer just a theoretical risk, video-based deepfakes will become
highly realistic and imperceptible from reality. This technology will be
weaponized in social engineering attacks, allowing criminals to impersonate
executives, forge high-stakes transactions, and extract massive payouts from
unsuspecting victims. With AI making deepfakes accessible at the push of a
button, the potential for financial fraud will explode, forcing organizations
to rethink how they verify identity in an increasingly deceptive world.
Conclusion
As Povolny emphasizes, technological advancements will both empower
cybercriminals and challenge defenders to innovate at an unprecedented pace.
From democratized malware creation to the rise of deepfake-driven social
engineering, the threats of tomorrow demand fresh frameworks, such as "Zero
Trust for AI," to validate and oversee AI-generated outputs. In 2025,
organizations must act swiftly to adapt, implementing proactive strategies to
safeguard against these emerging threats.
##
ABOUT THE AUTHOR
Steve
Povolny is Director of Security Research at Exabeam and Co-founder of TEN18. A
distinguished cybersecurity leader with more than 15 years of experience
leading global specialists of security researchers, data scientists, and
developers, he brings diverse technical expertise and is an effective people
leader with a track record of building high-performing teams. Povolny has a
deep understanding of the latest developments in cybersecurity and is a
frequent subject matter expert for the media. As a regular speaker at industry
conferences, Povolny often shares insights on emerging trends, attack surfaces,
and cutting-edge vulnerability and malware research.
In his
roles at Exabeam and TEN18, Povolny and team have a singular focus: integrating
world-class research into the industry's top cybersecurity solutions to disrupt
cybercrime and defend customers' critical assets.