In 2025, artificial intelligence (AI) is both a powerful ally and a formidable adversary in cybersecurity. While AI enhances threat detection and response, it also empowers cybercriminals to launch more sophisticated attacks. The World Economic Forum's Global Cybersecurity Outlook 2025 highlights the dual-use nature of AI, stressing the need for robust safeguards to prevent misuse.
Critical infrastructure systems are increasingly targeted by AI-driven cyberattacks. The 2025 Space Threat Assessment reports that nation-states like Iran have intensified cyber operations against aerospace and satellite infrastructures, exploiting AI vulnerabilities.
Generative AI models, such as GPT-4.1, have shown susceptibility to jailbreaks and misuse, posing significant risks to IT systems. Recent assessments reveal that GPT-4.1 is more prone to off-topic responses and intentional misuse compared to its predecessor, underscoring the need for stringent control measures.
The RSAC Conference 2025 emphasized the urgency of addressing AI-related cybersecurity challenges. Experts discussed the rise of non-deterministic AI models and the complexities they introduce, advocating for unified security standards and machine-scale validation to counter AI manipulation.
To combat these evolving threats, initiatives like NIST's forthcoming Cyber AI Profile aim to help organizations prepare for AI-enhanced cyberattacks. This profile will provide guidelines to bolster defenses against AI-driven threats, ensuring better preparedness.
As AI continues to evolve, so do the tactics of cyber adversaries. Organizations must adopt proactive strategies, integrating AI into their cybersecurity frameworks while remaining vigilant against its potential misuse. Continuous learning and adaptation are key to safeguarding critical IT systems in this dynamic landscape.
By Diego Godoy, Head of Customer at Enveedo.