Towards the end of the year, it’s normal for security vendors and companies to send their predictions for the new year to the press. The quantity that SC UK received far outnumber any rational way that we could use them, so therefore I triaged all of the predictions into common categories - of which there were around 20 that were most commonly cited.

Picking the most common trends, over the next couple of months we will look at the most popular predictions in a series of articles.

Now it may not surprise you to learn that the most cited trend was artificial intelligence (AI) in various guises; we’ll look at the primary category of AI later. For this first review of the new year, we’ll look at the sub-sector of Generative AI, or GenAI for short.

Transformed

I guess the most commonly known form of GenAI to most of us is ChatGPT, which marked its second birthday just over a month ago. Commenting that “GenAI has transformed the security landscape” in its short lifespan, experts have repeatedly said that ChatGPT is being used on both offensive and defensive sides of cybersecurity. 

Darren Thomson, field CTO EMEAI at Commvault, said that the rise of AI through publicly available tools such as ChatGPT is reshaping the cybersecurity landscape, with an increase in both the risks posed by cyber-attacks and the potential for defence. 

Phase of Scepticism

The comments received by SC UK were a mix of seeing opportunity, and negative consequences. For example Marc Laliberte, director of security operations at WatchGuard, believes that GenAI will enter “a phase of scepticism, bolstered by the use of video and audio deep fakes and numerous highly publicised gaffes.”

He believes cyber-criminals will exploit underestimated advancements in AI, combining them with other tactics to deceive organisations and consumers.

Also Sohrob Kazerounian, distinguished AI researcher at Vectra AI, believes 2025 will be the year when GenAI is used to cause a data breach.

“In 2025, we will hear of numerous cases where threat actors trick a corporate GenAI solution into giving up sensitive information and causing high-profile data breaches,” they said, especially as enterprises use GenAI to build customer-facing chatbots.

Kazerounian said in order to be useful, large language models (LLMs) must ultimately be granted access to information and systems in order to answer questions and take actions that a human would otherwise have been tasked with.

“As with any new technology, we will witness numerous corporations grant LLMs access to huge amounts of potentially sensitive data, without appropriate security considerations,” they said.

Kazerounian said the opportunity for threat actors could also instruct an LLM are real, especially where security practitioners that haven’t kept pace with LLM technology or put guardrails in place.

“This means creating robust protections to stop LLMs giving up sensitive information and setting up ways to detect if a threat actor is probing an LLM, so the conversation is shut down before it’s too late.”

Integration

The other comments were far from negative though. Selvaratnam Uthaiyashankar, senior vice president and general manager - Integration, at WSO2, said that 2024 saw integration vendors incorporate more GenAI capabilities into their products to improve ease of use, and enhance the overall development experience.

He said he expects that to continue into 2025 and beyond, when “more vendors will add AI-powered features such as natural language-based code generation, test case generation, automatic documentation creation, and support to build GenAI apps.”

He also said that advancements in GenAI will see users be able to implement new scenarios in integration-focused use cases, “such as intelligent document processing, and intelligent process automation.”

Data Security

On the theme of data security, Arvind Nithrakashyap, co-founder and chief technology officer of Rubrik, said this stands out in the discourse around the adoption and evolution of GenAI.

“As GenAI models require vast amounts of data to learn and generate content, ensuring this data's privacy, confidentiality, and integrity becomes paramount,” said. “Companies that can offer robust data security measures will gain a competitive edge, fostering greater trust among users and partners.

Nithrakashyap went on to say that data security will become GenAI’s driving force, as businesses and consumers demand more from AI in terms of capability and security, “GenAI's future looks increasingly intertwined with advancements in data protection.”

This is probably the most public facing sub-division of AI: it involves chatbots that are a regular part of websites, and the ability to create multiple types of content. GenAI does have a strong future, but are those guardrails and data security considerations being added a bit too late? 

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.