SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Digital Transformation
#
GenAI
#
AI

The AI revolution – security challenges and the critical role of zero trust

Today
By Michael Adjei, Director, Systems Engineering, Illumio

As we move through 2025, the influence of AI on our systems, security, and daily operations will continue to evolve rapidly. From regulatory challenges to the unintended consequences of automation, here are the key trends and challenges we can expect to unfold this year:

Mad scramble for AI guidelines and frameworks
With GenAI tools now ubiquitous, 2025 will see a frantic scramble to rein in AI – just as we saw with social media. The focus will not only be on protecting users but also on having frameworks to safeguard AI from other AI.

Frameworks and guidelines will be pushed at three levels: international (e.g. ISO), regional (e.g. initiatives led by organisations such as ASEAN or the Asia-Pacific Economic Cooperation), and organisational. The organisational level will likely be most effective due to clear guidelines on acceptable use and security, while higher levels become less effective. International regulations often allow room for interpretation, enabling businesses to circumvent them.

Attackers will hit the AI supply chain
In 2025, attackers will sharpen their focus on AI supply chains. They will seek out the sources, namely providers of GenAI tools and copilots. This will lead to more breaches involving AI companies, with cybercriminals exploiting vulnerabilities in products that expose customer data.

Attackers will also target the hardware supply chains of AI, such as power sources, to cause significant disruption to operations and services, especially as dependence on GenAI grows.

Social engineering will trick people into creating breaches
Ordinary users will, in effect, become unwitting participants in mass attacks in 2025. Social engineers will exploit popular applications, social media features, and even AI tools to deceive people into inadvertently running exploits for web-based or script-based vulnerabilities.

Attackers will employ a dual-use strategy, where a legitimate tool or application operates as expected but harbours malicious intent in the background. This approach will make victims appear culpable in potential mass exploitation incidents, enabling the true attacker to remain concealed in the shadows.

Automated machines will go haywire
As AI integrates into autonomous machines for greater efficiency, malfunctions, particularly in production lines and vehicles, may occur. These glitches could disrupt global supply chains, impact product availability, or, in severe cases, cause injury or loss of life.

The root of these issues lies in the hidden side of AI, which is often proprietary and doesn't get the level of scrutiny needed to guarantee safety. Vulnerabilities, sloppy coding, and biases tend to only come to light when users interact with generative AI tools. Unfortunately, this also means cybercriminals can spot these weaknesses at the same time.

Human intelligence or artificial intelligence, that is the choice
CISOs will be forced to make a choice between investing in people or AI next year - and the majority will choose AI! This shift towards AI will exacerbate the skills gap, as funding will be channelled solely into AI competencies—a limited field—at the expense of internships and training courses.

With regards to IT and cyber, the teams most likely to be affected by the move towards AI investments will be SOC teams, Incident Response teams, and programmers. 
Organisations will view these roles as ones that can be rapidly automated by AI, resulting in a loss of critical skills within these teams.

Amid this fast-changing landscape, adopting proactive strategies to eliminate implicit trust from digital systems, both in identity management and system communications, has become essential. Zero Trust offers the clarity and control needed to secure supply chains, protect against social engineering exploits, and safeguard critical AI systems without compromising innovation. While we can't stop attackers from gaining entry, with Zero Trust, we can prevent an incident from becoming a disaster. A case in point is Zero Trust Segmentation, which increases cyber resilience.

The speed at which AI is reshaping the security and operational landscape is faster than most organisations can keep up with; 2025 shows no signs of slowing down. How businesses manage these challenges – balancing automation with human expertise, securing supply chains, and following practical frameworks – will define their success in the AI-driven era. The choices made now will set the tone for the next era of innovation and resilience.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Entrust launches AI identity tool to tackle USD $112bn fraud
OneAdvanced appoints new SVP for Managed IT Services role
DigiCert strengthens EMEA & APAC teams with new VPs
Intelliworx hires Jeremy Mumford to boost UK expansion plan
F5 launches AI assistant to boost network security control
Top stories
SentinelOne upgrades Purple AI with major platform links
Azul ensures Java solutions comply with DORA EU standards
Kaspersky enhances SIEM solution with AI & new features
Zendesk exploit allows phishing scams, CloudSEK reports
Privacy pros stressed by cuts & regulatory demands