The cybersecurity landscape is advancing at a breakneck pace, with attackers continuously refining their strategies. Artificial intelligence (AI) has become a key tool for cybercriminals, enabling them to create highly convincing malware and decoys, even in languages that previously posed a barrier. Additionally, AI is facilitating the automation of attacks and the precise targeting of victims, with attackers initially focusing on individual consumers through social media and messaging apps before shifting their efforts towards larger organizations.
This evolution affects not only the attack vectors. Organizations also face growing challenges stemming from digital identity management, multi-cloud environments, and new data strategies, all within a more demanding regulatory framework that requires stricter controls. As a result, having the right, effective tools has become a fundamental priority for security teams.
In this context, Proofpoint, a leader in cybersecurity and regulatory compliance, has shared its predictions for the upcoming year. These insights shed light on emerging trends and technologies that will define security challenges and solutions in the near future, emphasizing the importance of rapidly adapting to a constantly evolving environment.
Cybercriminals Will Exploit AI by Manipulating Private Data
We are currently witnessing a fascinating convergence in the realm of AI, as models gain more capabilities, and semi-autonomous AI agents are integrated into automated workflows. This evolution opens up interesting possibilities for cybercriminals to serve their own interests, particularly regarding how they might manipulate the private data used by large language models (LLMs). As AI agents increasingly rely on private data from emails, SaaS document repositories, and similar sources for context, securing these threat vectors will become even more critical. According to Daniel Rapp, Director of AI and Data at Proofpoint, next year we will begin to see the first attempts by attackers to manipulate private data sources: “It’s possible that cybercriminals will intentionally mislead AI by contaminating the private data used by LLMs, such as deliberately altering emails or documents with false or misleading information to confuse the AI or make it do something harmful; and this will require greater vigilance and advanced security measures to ensure that AI isn’t misled by incorrect information.”
The Era of AI Machines for Decision Making
“Generative AI will go beyond content generation to become the decision-making engine behind countless business processes, from human resources to marketing or DevOps,” explains Ravi Ithal, Managing Director of the DSPM Group in R&D and product management. By 2025, AI will act as a developer’s assistant, performing everything from automating bug fixes to testing and optimizing code. The use of AI-assisted development tools will accelerate over the next year, bridging skill gaps, lowering error rates, and helping developers keep pace with the faster release cycles of DevOps. AI will also enhance DevOps by predicting potential bottlenecks and proactively suggesting optimizations. This will transform DevOps processes into predictive production lines and create workflows that resolve issues before they affect production.
AI Will Become an Essential Element in Business, Though Under Scrutiny
A few years ago, cloud computing, mobility, and Zero Trust were merely trendy concepts, but they are now integral to how organizations conduct business. “AI technologies, especially generative AI, are currently seen as a threat to third parties; and the question that CISOs are asking is how employees are using AI to determine where they might be putting confidential information at risk, which is why there’s increased scrutiny around how LLMs are powering these tools,” points out Patrick Joyce, Global CISO at Proofpoint. Understanding the risk, the materiality of that risk, the benefits, as well as the manufacturing and security safeguards of AI tools, will be a major concern for CISOs.
Geopolitics Will Influence Cyber Espionage and the Rise of Local Powers
This year has shown that state-aligned cyber espionage is deeply intertwined with geopolitical dynamics, and by 2025, APT operations will continue to reflect global and regional conflicts. According to Joshua Miller, Threat Researcher at Proofpoint, “cyber espionage campaigns will not be limited to the large nations historically regarded as mature cyber actors, but will proliferate various groups focused on regional conflicts seeking advantages in the cyber domain.” Additionally, state-sponsored adversaries will carry out operations to support other national objectives, such as spreading propaganda or generating revenue. It is also likely that selective threat actors will exploit the ongoing balkanization of the internet to distribute their malicious payloads.
Consumers Will Be the Testing Ground for Scams
“Over time, layered defenses and security awareness have fortified organizations against many everyday threats, causing a resurgence of cybercriminals who are targeting individual consumers for profit,” states Selena Larson, Threat Researcher at Proofpoint. Sophisticated job scams and pig butchering are two examples of social engineering outside a corporate environment. In 2025, we will see a resurgence in the number of less refined threat actors exploiting alternative communication channels, such as social media and encrypted messaging apps, to focus on fleecing individuals outside the company's visibility.
The “How” Evolves Faster than the “What” Among Cybercriminals
The ultimate goal of cybercriminals hasn’t changed much over the past few years, as their attacks remain economically motivated. This is true for Business Email Compromise (BEC), aimed at triggering fraudulent wire transfers or gift card purchases, as well as ransomware attacks and data extortion following an initial attack that uses malware or a legitimate remote management tool.
“Nonetheless, the way attacks are carried out is evolving at a breakneck pace. The steps and methods employed by cybercriminals to induce a victim to download malware or make a payment involve more advanced and complex techniques,” says Daniel Blackford, Head of Threat Research at Proofpoint.
In the past year, financially motivated threat actors have manipulated email threads with responses from multiple compromised or spoofed accounts, used ClickFix techniques to run live PowerShell, and abused legitimate services like Cloudflare to add difficulty and variety to their attacks.
The pathway from the initial click (or response to the first-stage payload) will continue to become more specific and convoluted to mislead defenders and automated solutions.
Smishing Becomes More Visual with MMS Cyber Attacks
MMS-based abuse, utilizing messages with images or graphics to deceive mobile device users into providing confidential information or falling for scams, is a blossoming attack vector that will expand rapidly in 2025. In the words of Stuart Jones, Director of the Cloudmark Division, “MMS allows the sending of images, videos, and audio, making it a powerful tool for attackers to create more attractive and convincing scams by embedding malicious links to impersonate legitimate companies or services to deceive users, who often don’t realize they’re using MMS, creating a perfect storm for exploitation.”
The Role of the CISO Will Change
In 2025, we will see both the expansion and contraction of the CISO role. Already present in most boardrooms, many CISOs currently have the task of steering discussions and determining the importance of cybersecurity at a high corporate level, extending their traditional responsibilities. On the contraction side, there are also more instances of splitting or subdividing the already broad CISO function under the justification that it’s too much for one person. “Although it may not become a widespread trend, some are starting to divide the role between cyber architecture, threat defense, and incident response on one hand, and cyber governance, risk, and compliance on the other. If this continues, it will become a kind of two-headed dragon, and it will be harder to know who is responsible,” adds Patrick Joyce, Global CISO at Proofpoint.
More Consolidated Platforms, Fewer Flashy Point Solutions
The shift from fragmented solutions to trusted platforms will continue to gain momentum in the coming months. “Budget and talent constraints, along with the complexity of managing multiple non-integrated systems, are making consolidation a priority for CISOs,” notes Nate Chessin, Senior Vice President of Global Sales Engineering. CISOs and CIOs will focus on optimizing their existing vendor assets not only to reduce operational headaches but also to improve security outcomes, providing the resilience needed in a highly volatile cyber landscape.