ADVERTISEMENT

IBM sees seven major cybersecurity dangers next year: AI, AI, AI, AI, AI, not AI, likely AI

Artificial intelligence (AI) will be at the forefront of nearly all major cybersecurity threats next year. It poses a danger to organizations both from within and outside, empowering cybercriminals, causing incidents, and enabling attacker bots to act independently.

artificial intelligence, cybersecurity, threats

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
Dec 26, 2025 Updated: 30 December 2025 2 min read
ADVERTISEMENT
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.
  1. Autonomous AI is cracking legacy security models under pressure: The new era of security will be built on monitoring, validating, and controlling AI behavior at machine speed. Security will have to be embedded “into the very fabric of AI development and governance,” ensuring that AI agents operate within boundaries from day one without fragmentation and blind spots.
  2. AI is devouring intellectual property (IP): Business is exposed to unprecedented risks of IP loss and other leaks through shadow AI systems – unapproved tools that employees use without oversight. Any unmonitored AI model can trigger widespread exposure. Cybersecurity pros will work hard to deliver approved AI tools and frameworks to meet the needs without sacrificing control.
  3. AI deepfakes and biometric spoofing are straining identity systems: IBM expects a surge in identity-focused attacks, as security frameworks were never designed to address deepfakes, voice spoofing, model manipulation, and other techniques. Identity will need to be treated as critical national infrastructure, requiring AI-specific protections and infrastructure-level defenses.
  4. AI agents are exposing data faster than defenders can keep up: Autonomous AI bots replicate and evolve, often venturing outside sanctioned workflows at breakneck speed, and leaving no clear footprints, making monitoring challenging. “Businesses will know data was exposed but won’t know which agents moved it, where it went, or why,” IBM warns and highlights the need for systems tracing AI agents across machine-to-machine interactions.
  5. When “AI did this,” who’s accountable? Traditional security relied on access controls to known resources. Old accountability models don’t work with AI agents and sub-agents crossing boundaries without human oversight, acting on behalf of a user, or delegating other agents to complete the task. Companies need systems that can answer “why an action happened, who authorized it, and whether it was within scope.”
  6. Moving to new cryptographic standards quickly: IBM warns that companies will need “crypto-agility” – the ability to quickly switch cryptographic algorithms, rotate keys, update certificates with shrinking lifespans, and adapt in real-time as new threats emerge. As quantum computing advances, quantum-safe algorithms add an additional layer of complexity.
  7. Rather than hacking, attackers are increasingly relying on social engineering: IBM warns that cyberattacks increasingly exploit help desk and other recovery processes. Hackers can simply call the company and impersonate a colleague, asking for a password reset. Scattered Spider used similar techniques to breach dozens of companies. “That success will only inspire further innovation in this attack method,” IBM warns. While IBM doesn't mention AI here, it surely can help automate many tasks.

ADVERTISEMENT