2025 Cybersecurity Predictions: Insights from Experts and AIs
In this episode of Breaking Badness, Kali Fencl, Sean McNee, Tim Helming, and Daniel Schwalbe explore the future of cybersecurity by combining their expertise with AI-generated predictions. Using AI platforms like Copilot, Claude, ChatGPT, and Meta AI, the team covers major themes and unexpected insights, and reflects on the evolving cyber landscape.
Recapping 2024 Predictions: Wins, Misses, and Lessons
Before diving into 2025, the team revisits their 2024 predictions to assess their accuracy with the help of Microsoft's Copilot. Here’s what stood out:
InfoSec Community Migration: While Twitter/X persists, platforms like BlueSky and Mastodon gained momentum, especially recently.
Cyberwar in Russia-Ukraine Conflict: “We were super excited about cyber bombs, but instead we got cyber spies,” notes Sean McNee, highlighting the focus on espionage over disruption.
Ransomware Trends: The prediction that extortion (not encryption) would dominate proved partially true.
Generative AI Integration: AI tools like Microsoft Security Copilot made significant impacts.
Nation-State Actors: Cyber Espionage Takes Center Stage
AI predictions for nation-state actors emphasized the evolving sophistication of cyber campaigns:
Russia: Focus on disinformation campaigns, electoral systems, and critical infrastructure.
China: Increased cyber espionage targeting AI and quantum computing technologies.
North Korea: Continued reliance on cryptocurrency theft to fund nuclear ambitions.
"Countries like Russia and China are moving to attack critical supply chains and infrastructure—an ongoing and growing concern," - Sean McNee
Ransomware: Triple Extortion and Cloud-Native Variants
AI predictions highlighted how ransomware actors will innovate:
Triple Extortion: Threats to encrypt, steal, and publicly expose sensitive data.
Cloud-Native Targets: Claude warned of cloud-specific ransomware variants, reflecting the growing reliance on cloud infrastructure.
Ransomware-as-a-Service: This model will remain dominant, particularly in Russia and Southeast Asia.
“Recovery is getting better, but the real money for ransomware gangs lies in public exposure,” - Daniel Schwalbe.
Generative AI: A Double-Edged Sword
AI will revolutionize cybersecurity, for both defenders and attackers:
Phishing and Social Engineering: AI will make attacks more convincing, bypassing traditional defenses.
AI-Driven Defenses: Tools capable of real-time vulnerability analysis and proactive threat detection.
Claude’s Bombshell Prediction: “The first major security incident will be directly attributed to a compromised AI model.”
“Imagine a threat actor embedding traps into an AI detection model. It’s the ultimate supply chain attack,” - Daniel Schwalbe.
Unexpected Predictions: Quantum Computing and Synthetic Fraud
AI platforms generated unique forecasts under the "unexpected" category:
Synthetic Identity Fraud: AI-driven fake identities will challenge digital verification systems across finance, telecom, and e-commerce. “Synthetic profiles could pass KYC checks, making onboarding riskier for companies,” said McNee.
Internet of Bodies (IoB): Security risks for medical implants and biometric devices could increase.
The Future of Cybersecurity Budgets and Vendors
The consolidation of cybersecurity vendors will continue as larger players acquire niche specialists. AI-driven automation will dominate, with budgets skewing toward cloud security, zero trust architectures, and AI-driven tools.
“The macroeconomic outlook will play a major role in determining how much gets spent on cybersecurity,” - Tim Helming.
Final Thoughts and Fun Predictions
The episode ends with lighter predictions, including Sean McNee’s forecast of a downtown Seattle resurgence and Tim Helming’s suggestion for multi-sport athlete swaps. As Kali wraps up, the team leaves listeners with this thought: “Will we see the first major AI-compromised security incident in 2025? Let’s keep an eye on Claude’s prediction.”
That’s about all we have for this week. You can find us on Mastodon and Twitter/X @domaintools, and all of the articles mentioned in our podcast will always be included in our podcast recap. Catch us Wednesdays at 9 AM Pacific time, when we publish our next podcast and blog.
*A special thanks to John Roderick for our incredible podcast music!