Using AI To Its Full Cybersecurity Potential

As 2024 closes out as the “Year of AI,” the technology’s transformative impact on industries worldwide shows no signs of slowing down into 2025. A recent report by the UK government revealed that 68% of businesses are already using at least one AI technology, with another 32% planning to implement it.

From reducing financial costs, to its fast and efficient processes, artificial intelligence brings a wealth of benefits to the cybersecurity space. 

Its role in this industry is now critical, offering enhanced threat detection, proactive defence, and adaptive learning capabilities. By analysing vast datasets, AI can identify risks such as phishing and malware faster than traditional methods, enhancing cyber resilience. However, the same capabilities that make AI a powerful protection tool can also be exploited by cybercriminals. AI-generated deepfakes, large-scale bot attacks, and advanced hacking techniques are becoming increasingly sophisticated, highlighting the two-sided nature of AI in cybersecurity. 

We spoke to four industry experts to find out their predictions for 2025 when it comes to AI and its pros and cons. 

AI: Friend Or Foe?

AI is set to play a pivotal role in the cybersecurity landscape, acting as both friend and foe. Geoff Barlow, Product and Strategy Director at Node4, notes that “AI is playing a dual role in the cybersecurity arena, both enhancing and challenging it.” While AI empowers cybercriminals by increasing “the speed, volume, and sophistication of cyber-attacks,” it also offers powerful tools for defence, enabling organisations to “anticipate and respond to threats.” Node4’s Mid-Market Research reveals that 30% of IT decision-makers view AI as a top cybersecurity threat, with 28% concerned it could expose businesses to new risks, and 25% worried it could inadvertently leak sensitive data.

Barlow highlights that organisations must focus on “improving threat detection, hunting, and intelligence capabilities using AI” while addressing the AI skills gap through education and third-party support. 

Similarly, Moshe Weis, CISO at Aqua Security, highlights that GenAI continues to empower attackers through enabling “complex, targeted phishing, deepfakes, and adaptive malware.” However, it also supports defence through “cloud-native security solutions [that] leverage GenAI to automate threat detection and response across distributed environments,” providing real-time analysis and predictive defences.

By 2025, Weis emphasises that “using AI within cloud-native frameworks will be essential for maintaining the agility needed to counter increasingly adaptive threats.”

The Rules & Regulations of AI

Another focus in cybersecurity for 2025 is the need for a more integrated approach to governance, risk, and compliance (GRC). Matt Hillary, CISO at Drata, highlights that “security, privacy, and compliance will become increasingly intertwined,” driven by “increasing cyber threats, stricter regulations, and a heightened public awareness of privacy issues.” The rise of AI further complicates this landscape, as organisations must navigate “the ethical and privacy implications of the use of AI in GRC processes” while balancing its potential with maintaining high privacy standards.

Simultaneously, advancements in cloud-native solutions could enhance security across the data lifecycle.

Aqua Security’s Weis emphasises that these solutions “provide dynamic protection across data lifecycles, securing data at rest, in motion, and in use,” which will be critical as “stricter compliance standards and more data-centric attacks demand robust, consistent security.”

Dane Sherrets, Staff Innovations Architect at HackerOne, summarises that 2025 will bring “greater industry adoption of AI security and safety standards” to improve transparency in processes. Businesses will increasingly focus on “responsible AI adoption” and employ methods like “AI red teaming” to uncover safety and security vulnerabilities in generative AI systems.

Training For The AI-Driven Cybersecurity Era

However, due to its rapid rise in popularity, a significant AI skills gap has also emerged. A survey from AI Quest found that 75% of employees lack the understanding of how to effectively use AI in their roles. As businesses navigate the complexities of AI, training employees in its potential whilst mitigating risks will be essential to fully benefit from its capabilities over the next year.

Sherrets highlights the importance of “benchmarks that improve AI transparency,” such as the adoption of AI model cards. These model cards function “much like nutrition labels on packaged goods,” providing users with essential information, including the model’s intended use, “performance evaluation procedures, and metadata about the datasets” involved. This transparency will be crucial for fostering trust and accountability in AI-driven systems both internally and externally.

Equally vital is equipping employees with the skills to navigate and manage AI tools effectively. Node4’s Barlow emphasises that “regardless of the tools or service chosen to help, all organisations should be implementing some form of training to support in-house employees with the surge in AI adoption.”

By investing in comprehensive training, organisations can ensure their workforce is prepared to leverage AI responsibly and effectively, enabling them to “tackle whatever AI developments and threats [emerge] in 2025.” 

Image: Ideogram

You Might Also Read: 

How AI Is Reshaping The Cybersecurity Landscape:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 


 

« Cybersecurity Challenges In Managing Learning Centres
How CISOs Can Master Cyber Attack Communications »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

HUB International

HUB International

HUB is one of the largest insurance brokers in the world. HUB Risk Services provides the full range of expert consulting to identify risks, reduce exposure to loss and manage claims issues.

Integrity360

Integrity360

Integrity360 provide fully managed IT security services as well as security testing, integration, GRC and incident handling services.

ZeroFox

ZeroFox

ZeroFox safeguards modern organizations from dynamic security risks across social, mobile, surface, deep and dark web, email and collaboration platforms.

Wallarm

Wallarm

Wallarm is the only unified, best-in-class API Security and WAAP (Web App and API Protection) platform to protect your entire API and web application portfolio.

Stealthcare

Stealthcare

Stealthcare is a full service, global cyber security firm offering solutions that educate, empower and protect.

Greenetics Solutions

Greenetics Solutions

Greenetics Solutions is a company focused on providing solutions for information security.

Sigma IT

Sigma IT

SIGMA IT is one of the largest IT services organizations in EMEA region providing a full range of solutions and services including cybersecurity, data protection and business continuity.

Forum Systems

Forum Systems

Forum Systems is a global leader in API Security Management with industry-certified, patented, and proven products deployed in the most rigorous and demanding customer environments.

PreEmptive Solutions

PreEmptive Solutions

PreEmptive Protection hit the sweet spot between cost, convenience and functionality by helping you protect and secure your apps in a smarter way.

Mitnick Security

Mitnick Security

Mitnick Security is a leading global provider of information security consulting and training services.

Cheops Technology

Cheops Technology

Cheops is a specialist in IT Business Technology Services. We help SMEs and large companies build, optimize and manage their IT so they can focus on their core business.

Datastream Cyber Insurance

Datastream Cyber Insurance

DataStream Cyber Insurance is designed to give SMB’s across the US greater confidence in the face of increasing cyber attacks against the small and medium business community.

Pulsant

Pulsant

Pulsant is the UK’s premier digital edge infrastructure company providing next-generation cloud, colocation and connectivity services.

Code First Girls

Code First Girls

Code First Girls are on a mission to close the gender gap in the tech industry by providing employment through free education.

ReformIT

ReformIT

ReformIT is a Managed IT Service and Security provider with many years experience helping companies find the right IT solutions to meet the needs of their businesses.

DRT Cyber

DRT Cyber

DRT Cyber deploys technology solutions to support the functions of cybersecurity, privacy, and risk management.