Netskope Threat Labs Predictions for 2025

Continuing our ongoing series collecting predictions from our many subject-matter experts here at Netskope, we gathered some hot topics and predictions from the Netskope Threat Labs team based on what they are starting to see evolving in the landscape. Here’s what they had to say:

The great AI crackdown

Ray Canzanese, Director of Netskope Threat Labs: “In 2025, more leaders will realize that not everything benefits from generative AI, and as a result we will see a tightening of organization controls around genAI use. Organizations will consolidate their use around a few key apps that have proven benefits to the organization for specific use cases. Apps outside that core will be heavily restricted, and even those core apps will have restrictions around how they will be used. However, this will be challenging for some organizations to manage because of how much investment money is flowing into AI; we are seeingeveryone building AI into their apps whether or not it has any proven benefits.”

Advanced AI for security

Dagmawi Mulugeta, Staff Threat Researcher: “In 2025, AI will redefine the landscape of cybersecurity, pushing the boundaries of threat detection and prevention. These advanced models promise to safeguard sensitive data by detecting insider threats with unprecedented precision, turning AI into a frontline defense against internal breaches. Intelligent systems will predict potential threats before they manifest, and as these innovations accelerate, we may even see AI models collaborating across global networks, setting a new standard for responsive, proactive security.”

The rise of identity and privilege vulnerability

John Carlo Marquez, Threat Research Engineer: “Because cloud-based platforms (e.g. GCP, AWS) have risen in popularity, providing better and more efficient workspaces for organizations, threat actors are most likely to target users in those apps to gain privileged access to the company’s resources. This is more commonly known as “identity and privilege vulnerability,” where attackers aim to simply “log in” instead of “hack in”. Once an account has been compromised, attackers can simply log in to the said account and access the sensitive data without as much as a peep from the security monitoring tools and products. This also applies to deactivated or decommissioned accounts, accounts of former employees, over-privileged accounts with weak credentials and much more.”

Scams leveling up with AI-generated voice and deepfake

Jan Michael Alcantara, Senior Threat Research Engineer: “Cyber scams have leveled up tremendously in 2024, with help of AI, from generating voice messages copied from a loved one to creating deepfake videos of CEOs asking to wire-transfer funds. In 2025, not only will we continue experiencing AI-generated voice and video scams, but we can expect more sophisticated scams that resolve some of the limitations they currently face. Perhaps we will see the combination of AI-generated voice and deepfake video live through a live video call, where the attacker can interact with the victim, increasing its plausibility.”

AI assisted threats on the rise

Hubert Lin, Senior Staff Threat Researcher: “In 2025, the sophistication of cyber threats is expected to escalate further, with genAI playing a major role in enhancing the complexity of attacks, such as customized and convincing phishing campaigns. These campaigns will leverage data from public and compromised sources to make emails appear remarkably legitimate. Remote vulnerability exploitation will remain a popular method, particularly for illicit crypto-mining. The combination of genAI-enhanced social engineering and advanced remote exploits will create a formidable threat landscape, challenging traditional cybersecurity measures and demanding more sophisticated defenses in 2025.”

Visit the Netskope Threat Labs page to keep up with their latest research.