As we look toward 2025, one thing is clear: artificial intelligence (AI) will take center stage in the ever-evolving world of cybersecurity. While AI offers immense potential to revolutionize defenses against cyberattacks, it also provides adversaries with new tools to launch sophisticated, large-scale attacks. Industry experts are calling 2025 the year of “AI vs. AI,” where both attackers and defenders rely heavily on the power of machine learning and automation. Willy Leichter, CMO of AppSOC, notes that AI will become a double-edged sword in cybersecurity. “We know that AI will be used increasingly on both sides of the cyber war,” Leichter explains. “However, attackers will continue to be less constrained because they worry less about AI accuracy, ethics, or unintended consequences.” This lack of constraint among attackers could lead to advancements in personalized phishing campaigns, faster network scans for vulnerabilities, and more efficient exploitation of legacy systems. On the defensive side, AI-powered tools can analyze vast amounts of data, identify patterns, and predict attacks. However, as Leichter points out, legal and ethical considerations will likely slow down the adoption of AI for defensive measures.
AI vs. AI: The Back-and-Forth Battle The integration of AI into both offensive and defensive strategies will create a high-stakes arms race. Chris Hauk, consumer privacy advocate at Pixel Privacy, predicts 2025 will witness constant battles between “good” and “bad” AI systems. “It will likely be a year of back-and-forth battles as both sides use information gathered from previous attacks to set up new attacks and new defenses,” he states. However, this AI-driven warfare will not be without new risks. According to Leichter, AI technology itself will become a target. As organizations rush to deploy AI applications without understanding their full security implications, they may unknowingly expand the attack surface for cyber adversaries. Karl Holmqvist, CEO of Lastwall, warns of the “unchecked, mass deployment of AI tools,” which could lead to severe consequences. “These systems, lacking adequate privacy measures and security frameworks, will become prime targets for breaches and manipulation,” Holmqvist explains. Organizations will need to implement robust foundational security controls and transparent AI frameworks to mitigate these escalating risks.
The Emerging Threat of AI-Powered Attacks As AI becomes more accessible, the barrier to entry for cybercriminals will lower significantly. Justin Blackburn, senior cloud threat detection engineer at AppOmni, highlights how AI-powered tools will enable even less-skilled attackers to execute large-scale cyberattacks. “Armed with these AI-powered tools, even less capable adversaries may be able to gain unauthorized access to sensitive data and disrupt services on a scale previously only seen by more sophisticated attackers,” Blackburn warns. The rise of autonomous AI, or “agentic AI,” is another area of concern. Unlike traditional AI systems that rely on human input, agentic AI operates independently, adapting to its environment and making decisions in real time. Jason Pittman, professor at the University of Maryland Global Campus, describes the potential for agentic AI to develop autonomous cyber weapons that could infiltrate systems and evolve their tactics without human intervention. “Such systems could use frontier algorithms to identify vulnerabilities and operate autonomously,” Pittman explains. The accessibility of advanced AI tools and open-source machine learning frameworks further increases the risk of these systems falling into the wrong hands.
AI Supply Chain Vulnerabilities In 2025, supply chain security will be one of the biggest challenges for cybersecurity teams, exacerbated by AI adoption. Leichter points out that supply chains are already a major vector for attacks, as they rely on complex software stacks with open-source components. The introduction of AI creates additional attack vectors, including poisoned datasets and manipulated models. Michael Lieberman, CTO of Kusari, emphasizes the risk of “data poisoning” in large language models (LLMs). “Data poisoning attacks aimed at manipulating LLMs will become more prevalent,” he predicts. These attacks could allow adversaries to embed harmful code or biases into models, leading to inaccurate predictions and compromised systems. Lieberman also warns about the proliferation of malicious pre-trained models. The 2024 Hugging Face incident, where hundreds of backdoored LLMs were discovered, highlights the risks of relying on unverified AI resources. As major players like OpenAI and Google train their models on massive datasets, ensuring the integrity of these models will become a critical challenge.
Defensive Measures: Mitigating AI Risks While the rise of AI introduces significant risks, it also provides opportunities to strengthen cybersecurity defenses. Organizations are increasingly deploying AI-driven tools to identify and secure sensitive information, such as personally identifiable information (PII). Rich Vibert, CEO of Metomic, notes, “In 2025, we’ll see more companies prioritize automated data classification methods to reduce the amount of vulnerable information saved in publicly accessible files.” AI-powered tools will play a key role in managing the vast amounts of data generated daily, enabling organizations to safeguard sensitive information more effectively. However, industry experts caution against overhyping AI’s capabilities. Cody Scott, senior analyst at Forrester Research, predicts a wave of disillusionment among security professionals in 2025 as the limitations of generative AI tools become apparent. “The thought of an autonomous security operations center using gen AI generated a lot of hype, but it couldn’t be further from reality,” Scott writes. Organizations will need to balance expectations and ensure that AI tools are implemented alongside strong foundational security practices.
The Road Ahead As we approach 2025, the integration of AI into cybersecurity will continue to reshape the landscape, bringing both promise and peril. Attackers will leverage AI to launch increasingly sophisticated attacks, while defenders will race to stay ahead with innovative solutions. The challenge for organizations will be to deploy AI responsibly, ensuring that its benefits are not outweighed by its risks. AI may be the future of cybersecurity, but it will also be a battleground—one where victory will depend on collaboration, innovation, and a commitment to ethical and transparent practices. References • Hauk, C. (2025). Pixel Privacy: Navigating the future of cybersecurity. Pixel Privacy Press. • Pittman, J. (2025). “The rise of agentic AI in cybersecurity.” Journal of Cybersecurity Innovations, 12(3), 45-60.