Cybersecurity Predictions for 2025 and Beyond
Two years ago, the focus was on cybersecurity trends for 2024. Last year, attention shifted to what 2025 might bring. Now, as 2026 approaches, it’s time to look ahead once again — but before doing that, it’s worth revisiting the previous predictions to see how accurate they turned out to be.
Looking Back: How the 2024 Predictions Performed
1. Passkeys Taking Over Passwords
The prediction that passkeys would start replacing passwords has proven true. One password management company reported 4.2 million passkeys stored in their system, with one in three users adopting them. Even more encouraging, the number of websites accepting passkeys has doubled. This shows that the shift to stronger, password-free authentication is well underway.
2. AI-Driven Phishing Attacks
AI has transformed phishing attacks in worrying ways. Email security companies have observed a sharp rise in well-written and highly personalised phishing emails generated by AI. These messages are free from the spelling and grammar mistakes that used to give away fake emails, making them harder to identify and far more convincing.
3. The Deepfake Problem
Deepfake technology has moved from theory to reality. One major case saw a company lose $25 million after an employee was tricked during a video call by a deepfake impersonating their CFO. Another incident during the 2024 New Hampshire primary featured a deepfake robocall of President Joe Biden, designed to mislead voters. These examples show that deepfakes are no longer just a novelty — they’re a real threat to both businesses and democracy.
4. The Challenge of AI Hallucinations
Generative AI has improved, but it still makes factual errors. A simple example involved converting running speeds, where a chatbot gave an impossible result before correcting itself when prompted again. These so-called “hallucinations” continue to be an issue, showing that AI tools, while powerful, are not yet perfectly reliable.
5. Securing Artificial Intelligence
Perhaps the most relevant trend has been the rise in demand for securing AI systems themselves. Organisations are increasingly asking how to protect their AI models from attacks, manipulation, and data breaches. At the same time, AI is being used as part of the defence — through tools like retrieval-augmented generation (RAG), which can support cybersecurity analysts with faster, fact-based answers and summaries.
What Lies Ahead in 2025 and Beyond
1. Shadow AI
Shadow AI refers to the use of unauthorised AI systems within organisations. Employees often download or experiment with AI tools without company approval, which can lead to data leaks, policy violations, and unmonitored risks. With AI increasingly integrated into mobile and cloud platforms, this issue is expected to grow.
2. Deepfakes Becoming More Advanced
Deepfake technology will continue to improve, creating serious challenges for governments, businesses, and the legal system. In future, even authentic videos might be dismissed as fake, and fake ones could be accepted as real. This will complicate everything from legal evidence to public trust in information.
3. AI-Generated Malware
AI can now generate working code — including malicious code. Research has shown that AI models can write exploit scripts for vulnerabilities in 87% of cases when given the right description. One major retailer reported a sevenfold increase in cyberattacks within six months, likely linked to attackers using AI to automate their work.
4. Expanding Attack Surfaces
Every new AI system adds another entry point for attackers. These systems can be targeted directly, allowing hackers to poison data, alter responses, or extract information. As businesses adopt more AI-driven tools, their overall attack surface continues to expand.
5. Prompt Injection Threats
Prompt injection attacks manipulate AI models by tricking them into ignoring safety instructions. According to OWASP (Open Worldwide Application Security Project), this is now the top threat facing large language models. It’s a new form of social engineering — this time aimed at machines — and it’s becoming a major concern for security teams.
6. Using AI to Strengthen Cybersecurity
AI won’t just cause problems — it will also help solve them. In the coming years, expect to see AI tools assisting analysts by identifying threats, suggesting responses, and summarising incidents. While full automation still carries risks due to AI errors, using AI as an advisory tool could make cybersecurity faster and more efficient.
7. Preparing for Quantum Computing
Quantum computing is another major factor shaping the future. Once powerful enough, quantum computers will be able to break current encryption standards. Organisations are now moving towards quantum-safe cryptography — encryption methods designed to resist quantum attacks. Delaying this transition could be risky, as hackers might already be copying encrypted data today to decrypt later, a tactic known as “harvest now, decrypt later.”
The Outlook Ahead
Cybersecurity in 2025 will be defined by AI on both sides — strengthening defences while simultaneously enhancing attacks. Organisations must manage this balance carefully: securing their AI systems, verifying digital authenticity, and preparing for the post-quantum world.
While the risks are increasing, the tools to combat them are improving as well. The key lies in using AI responsibly, maintaining human oversight, and ensuring that innovation doesn’t outpace security.
