Artificial intelligence (AI) is set to play a transformative role in the cybersecurity sector in 2025. Experts and analysts agree that AI will be deployed by both attackers and defenders, but it’s the malicious actors who may reap the bigger benefits. Here’s a look at how AI is expected to impact cybersecurity, according to industry leaders and analysts.
Attackers Will Leverage AI More Effectively
Willy Leichter, CMO of AppSOC, an application security and vulnerability management provider, emphasized that cybercriminals are likely to gain more from AI advancements than defenders.
“We know that AI will be used increasingly on both sides of the cyber war,” Leichter explained. “However, attackers will continue to be less constrained because they worry less about AI accuracy, ethics, or unintended consequences. Techniques such as highly personalized phishing and network scans for legacy vulnerabilities will benefit greatly from AI.”
While defenders have access to AI tools, their adoption may be slowed by regulatory and ethical constraints. Chris Hauk, consumer privacy champion at Pixel Privacy, predicts 2025 will see a battle of AI versus AI, with security teams deploying AI to counter AI-powered attacks.
“It will likely be a year of back-and-forth battles as both sides use information gathered from previous attacks to set up new offensives and defenses,” Hauk noted.
AI Systems as New Attack Targets
In addition to enhancing existing cyberattacks, AI systems themselves will become prime targets. Leichter predicts that adversaries will increasingly target the AI infrastructure of organizations.
“AI greatly expands the attack surface area with rapidly emerging threats to models, datasets, and machine language operations systems,” he explained. “When AI applications are rushed from the lab to production, the full security impact won’t be understood until breaches occur.”
Karl Holmqvist, CEO of Lastwall, warned that the rapid deployment of AI tools without strong security measures could have severe consequences.
“The unchecked, mass deployment of AI tools will lead to severe breaches in 2025,” Holmqvist said. “Organizations will need to prioritize foundational security controls, transparent AI frameworks, and continuous monitoring to mitigate escalating risks.”
Security Teams Face New Responsibilities
Security teams will need to take on more responsibility for securing AI systems in the coming year. Leichter pointed out that many AI projects have been led by data scientists and business specialists who often bypass traditional security protocols.
“Security teams will lose the battle if they try to block or slow down AI initiatives,” he stated. “Instead, they must bring rogue AI projects under their security umbrella.”
AI’s expanding attack surface will also make software supply chains more vulnerable. Leichter noted that the growing reliance on third-party and open-source code creates new vectors for attacks on datasets and AI models.
Data Poisoning Threats to AI Models
Michael Lieberman, CTO and co-founder of Kusari, sees data poisoning attacks as a rising concern in 2025. These attacks aim to manipulate large language models (LLMs) by injecting malicious data into their training datasets.
“Most organizations rely on pre-trained models that lack transparency,” Lieberman said. “This makes it easy for malicious actors to introduce harmful models, as seen in the Hugging Face malware incident.”
The Hugging Face incident in early 2024 exposed over 100 LLMs with hidden backdoors that allowed arbitrary code execution on users’ machines. Lieberman predicts that future attacks will target major players like OpenAI, Meta, and Google.
“Attackers are likely to outpace defenders in 2025,” he warned. “It may take a significant breach akin to the SolarWinds Sunburst incident to prompt serious action.”
The Rise of AI-Powered Threat Actors
AI advancements will lower the barrier to entry for less skilled attackers. Justin Blackburn, senior cloud threat detection engineer at AppOmni, noted that AI-powered bots will enable large-scale attacks with minimal effort.
“As AI becomes more accessible, even less capable adversaries may gain unauthorized access to sensitive data and disrupt services on a scale previously seen only with well-funded attackers,” Blackburn explained.
The Emergence of Agentic AI in Cybersecurity
One of the most concerning trends for 2025 is the rise of agentic AI — autonomous systems that can make decisions and act without human intervention. Jason Pittman, a cybersecurity professor at the University of Maryland Global Campus, highlighted the risks posed by agentic AI.
“Agentic AI systems can use advanced algorithms to identify vulnerabilities, infiltrate systems, and evolve tactics in real time without human steering,” Pittman explained.
He warned that such systems could be developed and deployed by non-state actors, potentially releasing autonomous cyber weapons into the wild.
“The accessibility of advanced AI tools lowers the barrier for creating sophisticated cyber weapons,” Pittman said. “Once created, the powerful autonomy of agentic AI can easily lead to systems escaping their safety measures.”
Final Thoughts
The cybersecurity landscape in 2025 will be heavily influenced by advancements in AI. Both defenders and attackers will leverage AI, but malicious actors may have the upper hand due to fewer constraints and ethical considerations.
Organizations will need to prioritize robust security frameworks and adopt proactive measures to safeguard their AI systems. As agentic AI emerges, cybersecurity professionals must prepare for a new era of autonomous threats, where cyber battles are fought in real time by AI agents with minimal human intervention.
The key to success in this evolving landscape will be collaboration, transparency, and continuous monitoring to mitigate risks and stay one step ahead of AI-powered adversaries.
We have helped 20+ companies in industries like Finance, Transportation, Health, Tourism, Events, Education, Sports.