By Josh Lemos, CISO at GitLab
Security teams have always had to adapt to change, but new developments that will play out next year could make 2025 particularly challenging. The accelerating pace of AI innovation, increasingly sophisticated cyber threats, and new regulatory mandates will require CISOs to navigate a more complex landscape.
Vendors are rapidly adding AI-enabled features to existing products, and the foundational LLMs they are using present a new attack surface that malicious actors will try to exploit. CISOs will need to understand their level of exposure to these threats and how to mitigate them.
Simultaneously, the dynamic landscape of cybersecurity regulations, particularly in regions like the European Union and California, demands enhanced collaboration between security and legal teams to ensure compliance and mitigate risks. This convergence of new technologies and laws means CISOs must balance board-level compliance needs with novel security challenges to protect their organizations.
Despite the potential security challenges posed by generative AI, it also offers opportunities to improve the security of software development processes. By proactively identifying vulnerabilities and enabling greater automation, AI will help close the gap between developers and security teams.
Here are three trends that will dominate the enterprise security landscape in 2025.
## Vulnerabilities in proprietary LLMs can lead to organization-wide security consequences
Software vendors are rushing to add AI-enabled features to their products, often by leveraging proprietary foundational LLMs. As attackers start to find vulnerabilities in these models, they will open a new attack vector with potentially wide-scale consequences. Industry consolidation increases risk.
Proprietary models reveal little information about their provenance or internal guardrails, making them much harder for security professionals to understand and manage. As such, attackers can embed malware or exploit lesser-known attack surfaces in a model's feature space.
Because the industry relies heavily on a few proprietary LLMs, these attacks could have cascading effects throughout the software ecosystem, potentially leading to wide-scale outages or impacts.
## Companies must deploy adaptive identity management for AI and cloud workloads
The growth of cloud-native and AI applications creates new challenges for identity management systems. Next year, access control must become more adaptive to deal with the increase in non-human, service-based identities.
Systems that manage identity and permissions have already been transitioning from their traditional, static state to a more ephemeral and adaptable framework, reflecting the agility required for modern digital interactions. These needs will become even greater in the year ahead.
AI-driven applications, in particular, demand a solid understanding of transitive identities. These applications require systems that provide secure and efficient access, even as roles and needs constantly evolve.
## Organizations should leverage AI to expand security throughout DevOps processes
In a recent survey, 58% of developers said they feel some degree of responsibility for application security. However, the demand for security-skilled DevOps professionals still outpaces supply.
AI will continue democratizing security expertise within DevOps teams by automating routine tasks, providing smart coding recommendations, and further bridging the skills gap. Security will be integrated throughout the build pipeline, enabling the early identification of potential vulnerabilities at the design stage by leveraging reusable security templates that can be integrated into developer workflows.
Authentication and authorization will also be improved, with AI automatically assigning roles and permissions as services are deployed across cloud environments.
The net result will be improved security outcomes, reduced risk, and enhanced collaboration between developers and their security peers.
## Deploying AI technologies to defend against modern threats
As the technology landscape continues to evolve and cyber threats become increasingly sophisticated, CISOs must recognize the new threats that AI can present while embracing AI-powered solutions to stay ahead of them.
By leveraging AI to automate security tasks, identify vulnerabilities, and respond to threats in real time, organizations can strengthen their security posture and stay ahead of the fast-evolving threat landscape.
## About the author
Josh Lemos is the CISO at GitLab Inc., where he brings 20 years of experience leading information security teams to his role. He is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected, fortifying the GitLab DevSecOps platform and ensuring the highest level of security for customers. A talented security practitioner and technology leader, Josh is widely recognized for his strategic vision, his ability to drive growth and innovation, and his passion for building and empowering teams. He believes in technology's potential to transform the world and the need to secure it against emerging threats. Josh has led security teams at numerous high-growth technology companies including ServiceNow, Cylance, and most recently Block (formerly known as Square).