6 hot cybersecurity trends

It may be hard to believe, but ChatGPT, which brought generative AI to the masses and triggered an explosion of enterprise interest, will be three years old in November.

After the initial generative AI hype, organizations began moving from proofs of concept to clear-eyed analysis of business value and ROI. The results haven’t always been great — with disillusionment now beginning to set in.

“Last year’s Hype Cycle for AI highlighted gen AI as a potentially transformational technology with profound business impacts,” says Gartner analyst Haritha Khandabattu. “This year, gen AI enters the Trough of Disillusionment as organizations gain understanding of its potential and limits.” 

She adds, “AI leaders continue to face challenges when it comes to proving gen AI’s value to the business. Despite an average spend of $1.9 million on gen AI initiatives in 2024, less than 30% of AI leaders report that their CEOs are happy with AI investment return.”

Allie Mellen, principal analyst at Forrester Research, predicts that through the end of the year “CISOs will deprioritize gen AI use by 10% due to lack of quantifiable value.”

While enthusiasm for AI in its various forms may be cooling off a bit — at least temporarily — there’s no stopping the profound impact AI will have on every aspect of enterprise IT. Our list of hot cybersecurity trends starts with the latest and most exciting iteration of AI, but we include several non-AI trends as well.

1. Agentic AI

Agentic AI has triggered some truly hyperbolic language that reflects the potentially game-changing promise of being able to hand off complex processes, such as intrusion detection and response or threat hunting, to an autonomous agent. 

“We’re standing at the edge of a new human hybrid computing paradigm,” says Jeff Pollard, principal analyst at Forrester Research. “Agents will do more than execute code. They will make decisions, collaborate, and evolve.”

“It’s been described as a Cambrian explosion,” Jimmy Mesta, founder and CTO at RAD Security, previously told CSO’s Cynthia Brumfield. “It’s not just an evolution. It’s a spawning of a new way we do work and even live in a lot of ways, beyond security. There’s never been anything like it.”

Anushree Verma, senior director analyst at Gartner, adds, “The trend toward agentic AI represents a leap forward in AI capabilities and market opportunity. Agentic AI will provide new means to enhance resource efficiency, automate complex tasks and introduce new business innovations, beyond the capabilities of scripted automation bots and virtual assistants.” 

Gartner predicts at least 15% of day-to-day work decisions will be made autonomously through agentic AI by 2028, up from 0% in 2024. In addition, 33% of enterprise software applications will include agentic AI by 2028, up from less than 1% in 2024.

All the top cybersecurity vendors are in the early stages of offering agentic AI as part of their platforms. For Palo Alto Networks, it’s Cortex AgentiX. For Cisco, it’s AgenticOps. The agentic advantage is that these systems can take autonomous actions.

Steve Moore, vice president and chief security strategist at Exabeam, says the key use cases for agentic AI in cybersecurity are real-time threat detection and response, adaptive threat hunting, offensive security testing, and automated case management.

For example, SentinelOne’s Purple AI agent acts as a force multiplier to help security teams analyze threats, prioritize alerts, and identify the most critical issues. According to SentinelOne, “From triage to response, Purple AI delivers speed at every step. Auto-triaged alerts, self-documenting notebooks, autogenerated reports and intelligent next steps help teams resolve threats 55% faster.”

2. Protecting AI from attacks

AI can help CISOs protect their IT infrastructure, but who’s protecting the AI?

“While 2024 saw a surge in proof-of-concept (POC) projects for gen AI, many organizations are moving these projects into production without conducting comprehensive risk assessments,” IDC concludes in its 2025 Security and Trust FutureScape.

“Companies may face significant vulnerabilities as they transition to gen AI use cases without fully evaluating their trust capabilities. This underscores the importance of a risk-based approach to AI adoption, ensuring that new technologies do not create unintended security gaps or ethical concerns,” the report adds.

There are several potential vulnerabilities associated with AI, starting with shadow AI, the unauthorized and unmonitored use of public AI by end users.

“Tools like ChatGPT, Claude, Mistral, and open-source LLMs like Llama and DeepSeek are too easy to use, too powerful, and too opaque. Employees adopt them to automate tasks, draft reports, analyze data, create presentations, or debug code, often unaware they’re handing sensitive data to third-party companies,” according to the Cloud Security Alliance.

About 38% of employees share confidential data with AI platforms without approval, according to research by CybSafe and the National Cybersecurity Alliance (NCA), making unauthorized AI use a mounting concern.

Other potential security threats include those aimed at enterprise AI infrastructure itself. Data poisoning, model theft, and malicious prompts are just a few of the threats emerging. Enterprises tapping into the greater AI ecosystem are at risk of rising AI supply chain threats as well.

Organizations should address the problem by discovering how end users are using AI, applying zero-trust principles, creating and enforcing acceptable use policies, monitoring AI-related application activity, deploying tools like data loss prevention (DLP) to flag unusual data flows, and educating end users on how to gain the benefits of AI while also protecting sensitive data. They should also tighten their DevSecOps practices, red-team their AI infrastructure, and stay apprised of the latest threats to AI models and their use.

3. Vicious vishing

By now, most end users have been trained to spot a fake email. The advantage the end user has in a phishing scenario is that there’s no urgency. The recipient of a potentially suspicious email can ignore it, read it over carefully, hover their mouse over the link, etc.

An urgent phone call from the help desk asking an end user to confirm or change credentials is an entirely different proposition that requires split-second decision-making. Same with a phone call to the help desk from a frantic user who claims to be locked out.

That helps explain why the 2025 CrowdStrike Global Threat Report found that voice phishing (vishing) attacks jumped 442% from the first half to the second half of 2024.

Stephanie Carruthers, IBM’s global lead of cyber range and chief people hacker for IBM’s X-Force security team, says AI-powered vishing is far more insidious than traditional phishing attacks.

“We do social engineering campaigns for our clients where the objective is to call their help desk and see if we can impersonate an employee to reset their password,” Carruthers says. “To date, we have been successful every single time we’ve done that. If you look at a lot of major data breaches now, you’ll see that it was actually a phone call that started the breach.”

Some of the most tech-savvy companies in the industry have been hit with vishing attacks. Cisco disclosed in July that it suffered a data breach via vishing. And Google has been victimized as well.

But there are countermeasures organizations can take. The help desk can be trained to require end users seeking new credentials to authenticate through a multi-factor process. End users can be trained not to respond to urgent pleas for financial transfers or changes in credentials. This will still require security leaders to update their security awareness training strategies, since deepfakes, both voice and video, are an inevitability as well.

4. M&A activity in the cyber sector

Despite concerns about tariffs and the global economy, mergers and acquisitions activity in the cybersecurity industry remains strong. According to an analysis by law firm Ropes & Gray, M&A activity in the cybersecurity sector is on pace to increase 10% in 2025.

“The cybersecurity sector is experiencing a trend toward larger transactions, with a rising proportion of deals over $250 million, as both strategic buyers and private equity investors focus on acquiring high-quality, mature assets to build comprehensive platforms and address the growing complexity of cyber threats,” says Ropes & Gray.

There have been three megadeals thus far in 2025: Palo Alto Networks is spending $25B to buy Israeli identity security company CyberArk; Alphabet has agreed to acquire Israeli cybersecurity firm Wiz for $32 billion; and HPE finally closed its $14 billion acquisition of Juniper Networks.

But that’s not all. Netgear bought privately held SASE vendor Exium. Proofpoint announced its intent to purchase Hornetsecurity Group, a European email security rival. Observability provider SolarWinds has agreed to acquire San Francisco-based Squadcast and its incident response technology. IBM closed its $6.4B acquisition of HashiCorp, best known for its Terraform infrastructure automation tool. Sophos completed its $859M acquisition of XDR vendor Secureworks. And Palo Alto Networks also announced plans to acquire AI security platform vendor Protect AI for an estimated $700M.

All of that activity is having a downstream impact on product offerings and choices, as well as market delineations, adding a measure of uncertainty to security leaders’ roadmaps and product sets.

5. Identity is the new firewall

Palo Alto Networks’ purchase of identity vendor CyberArk signals another trend in the cyber industry: From a strategic perspective, zero trust has replaced perimeter security, but on the tactical level, zero trust is all about identity.

Justin Fimlaid, CEO and founder of NuHarbor Security, says, “Identity-based attacks are increasing, especially with the proliferation of stolen credentials hitting the market for sale. In 2025, identity is both the perimeter and the blast radius — attackers don’t need to break in; they just log in.”

Akshat Tyagi, associate practice leader at HFS Research, points out that identity management is a complicated endeavor. “Unlike firewalls or endpoint tools, identity systems tie into HR databases, cloud platforms, legacy infrastructure, and application access layers, making them complex to deploy and harder to monetize at scale.”

He adds that enterprise customers are looking for vendor offerings that promise to deliver consolidated, integrated identity management. “Security buyers increasingly seek end-to-end platforms that offer integration, visibility, and faster response across cloud, identity, and endpoints,” Tyagi says.

6. Cybersecurity roles that require specialization

Every year, dire statistics about the global shortage of cybersecurity professionals arrive. But drilling down into the scary topline numbers, major shifts are occurring in the cybersecurity jobs market, according to the 2025 Cybersecurity Workforce Research Report by SANS/GIAC and the US Cybersecurity Job Posting Data Report from CyberSN.

The SANS report says, “While industry headlines frequently trumpet a catastrophic cybersecurity workforce shortage, this year’s global study reveals a markedly different reality. The data suggests that while organizations face real challenges in building and maintaining their security teams, many successfully meet them through innovative approaches that focus on developing skills rather than just headcount. Technical capability has emerged as the number one criterion organizations look for in candidates, displacing work experience.”

The CyberSN report comes to a similar conclusion — generalization is out, specialization is in. Traditional roles such as security engineer and security analyst, while still coming out first and second in total number of job postings, are seeing the largest percentage drop. The roles that are showing strong growth in total number of job postings all require specific skills.

Here are the hot jobs in cybersecurity, based on the percentage increase in job postings:

Cybersecurity/privacy attorney: +41% (from 2023 to 2024)

Red teamer: +29%

Cyber threat intelligence analyst: +14%

Incident responder: +12%

Governance, risk, and compliance (GRC) analyst: +12%

Reverse engineer/malware analyst: +7%

CISO: +12% (from 2022 to 2024)
