Chris Harris | Associate VP, Sales Engineering
More About This Author >
Chris Harris | Associate VP, Sales Engineering
More About This Author >
“Round and round and round we go. Where we stop, nobody knows,” goes the popular children’s refrain. The same could be said of the AI merry-go-round as security analysts, lawmakers, and consumers alike process its break-neck evolution and hold tight for the ride ahead.
But the AI roller coaster is just one ride at the park. Also worth noting are impending advancements in quantum computing, a rise in deepfakes prompting a crack-down on identities, and data privacy conversations moving to priority one for many of the world’s largest stages.
Here’s a look at what we think is in store for artificial intelligence in 2025.
Where AI is heading in 2025
It’s hard to believe that ChatGPT was released just a little over 24 months ago (opening the floodgates for generative AI). Nothing has taken up so much mindshare in the security space since the internet became, well, the internet. Now we are here, grappling with the challenges and gearing up for whatever 2025 will bring.
And what is that exactly? We predict a few things:
- AI-based social engineering running rampant | Sophisticated, word-perfect AI-based phishing attacks will increase the number of breaches due to increasingly persuasive social engineering techniques. These include perfect spelling and grammar, the ability to communicate perfectly in virtually any language, and AI-generated profiles of users that analyze and copy their style of writing and speech, as well as voice-changing techniques and deepfake videos.
- New IAM tools to respond to AI-based threats | Synthetic AI-generated content will drive the adoption of identity and access management (IAM) tools like digital identity wallets, biometric identity verification, and AI/ML-powered document verification, especially in the financial sector.
- Enforcement of the EU AI Act | Countries grappling with the EU AI Act and other AI-based legislation as they struggle to meet mandated requirements for the safe and ethical use of artificial intelligence. Phased compliance deadlines range from 2 February 2025 to 2031, with at least one new metric to meet yearly.
- A Global AI legislative evolution | Other AI-based mandates will continue to emerge, such as a potential AI bill from the US (currently, no comprehensive AI legislation exists). The UK will continue to enforce its AI regulatory framework, outlined in a 2023 White Paper, and other countries will look to adopt additional AI-governing policies to establish data sovereignty and ensure data privacy.
- AI regulatory sandboxes | We might see the rise of AI regulatory sandboxes, or controlled environments in which organizations can safely test and develop their AI-based offerings before putting them on the market (and subjecting them to legislative oversight).
Quantum Computing and Crypto Agility
If GenAI is powerful, GenAI plus the power of quantum computing has the potential to “catapult AI’s capabilities into a realm where it can solve complex problems faster, generate more sophisticated and nuanced outputs, and unlock mysteries across various fields." As has been true so far, this can be both good and bad.
In anticipation, NIST released its first sets of post-quantum encryption standards. System admins are encouraged to transition over “as soon as possible,” and NIST already has its second set of algorithms underway. Hence, we anticipate crypto agility will be a major business imperative of 2025, with crypto centers of excellence cropping up among major enterprises. Large organizations will need to stay (or become) crypto-agile to keep pace with quantum-resistant cryptography.
Third Parties and B2B Identities
Third-party identities will face increased scrutiny as supply chain attacks continue to gain prominence in the public security consciousness. Enterprises are expanding their third-party reach in the inevitable growth towards increased digital connectedness, and that trend is only likely to continue. External identities will soon outnumber internal identities 3:1.
This will drive an increased need for organizations to understand business-to-business (B2B) identities, which has not been an area of much focus historically. We predict this will change in 2025, with B2B identity security taking up an increased share of organizations’ strategic security planning.
Data Security and Privacy Legislation
Currently, the US lags behind other international entities, like the EU, in comprehensive data privacy legislation. Typically allocated to states’ decision-making processes, we predict that the data privacy discussion in the US will evolve along more federal lines in the coming year.
The American Privacy Rights Act (ARPA), introduced in 2024, is still awaiting approval. The needle will likely continue to move in this direction as advances in AI (and geopolitical threats) bring increased risk to personally identifiable data (PII) and other federally held classified information pertaining to national security. As risks to critical infrastructure increase, we predict that comprehensive federal data privacy laws will become an ever-bigger topic of discussion in the US.
Internationally and domestically, new regulations such as NIS2, DORA, PCI DSS 4.0, the UK Cyber Resilience Act, and the EU AI Act will likely push companies to re-examine their practices and double down on governance, risk, and compliance.
Conclusion
We are in a time when changes come quickly, and organizations must stay light on their feet. Those hoping to weather 2025 well will need to stay attuned to current trends because they are coming regardless of whether teams are ready.
AI will play an ever-larger role in “business as usual” within the digital realm. Supply chains will continue to grow, so long-term plans for scaling them securely need to be in place. Companies must start planning now to adjust to future changes in computing and compliance.
As teams plan for what’s ahead, one underlying theme unifies what might seem like otherwise disparate directions. Protecting access to sensitive data still matters most, and organizations that can maintain strong data protection policies will keep the “big picture” in sight.