In 2025, many of your critical security tools will include AI models you can’t inspect or fully control. Your board is already asking how you’ll prevent the next headline-making security breach. Meanwhile, your competitors are using AI to automate security at a scale that was impossible just months ago. Evolving regulatory requirements add another layer of complexity, as new rules in the European Union and California affect how you can use AI systems.
The security landscape is rapidly evolving, but with the right approach, you can harness these challenges to build stronger defenses while protecting against new cyber threats. Here are three trends to prepare for that will dominate the enterprise security landscape this year.
1. Vulnerabilities in proprietary LLMs
Many vendors now use proprietary foundational large language models (LLMs) in their products, creating new risks for your organization. Most of these LLMs are black boxes — you can't see much about how they work or what safety controls they have. Security researchers have demonstrated the fragility of AI guardrails. The attack surface is growing, both on the models themselves and, by extension, on the products built on them.
Since many products rely on the same few proprietary LLMs, an attack on one could simultaneously affect many of your systems. This concentration of risk is particularly concerning as more critical business functions depend on AI-enabled tools. You’ll need to:
- Track which of your vendors use LLMs
- Assess the security controls these vendors have in place
- Plan for possible outages if an LLM-based service fails
- Develop backup plans for critical AI-dependent systems
2. Identity management challenges
Cloud and AI systems are changing how we manage access to the systems we use every day. Your identity systems must now handle:
- An increase in non-human, service-based identities
- More machine-to-machine connections
- Quick changes in who needs access to what
- Complex chains of permissions between services
- AI systems that need varying levels of data access
Traditional identity and access management tools weren’t built for these challenges. You’ll need more flexible identity tools that can adapt quickly as your needs change. Consider implementing zero-trust principles and just-in-time access to better control these dynamic environments.
Security teams should also prepare for the growing complexity of agentic AI and develop strategies for governing AI agents with the same level of rigor and auditability they apply to human users. As AI systems proliferate, tracking and securing these non-human identities becomes just as important as managing human user access.
3. Making security work in DevOps
In a recent survey, 58% of developers said they feel some degree of responsibility for application security — but finding DevOps staff with security skills remains difficult. AI-powered tools can help by:
- Checking code for security vulnerabilities and potential threats early in development before they cause problems
- Suggesting secure coding patterns
- Setting up the right access permissions automatically
- Automating repetitive tasks throughout the development process
These tools can help your existing security team work more efficiently. They can also help developers catch common security issues before code reaches production. This means fewer emergencies for your team and better security outcomes overall.
Consider investing in tools that integrate directly into developer workflows. The easier you make it for developers to work securely, the more likely they are to do so.
Taking action: Embracing AI to secure the threat landscape
To stay ahead of these changes:
- Map out where AI tools touch your systems and assess the risks
- Update your identity management approach for cloud and AI needs
- Look for ways AI can strengthen your security work
- Keep your board informed about new AI risks and regulations
- Build relationships with key vendors to understand their AI security measures
- Train your team on AI security risks and opportunities
While AI brings new risks, it also gives you new tools to protect your organization. Focus on using AI to strengthen your security posture while watching out for new threats. Regular reviews of your AI security stance will help you stay ahead of emerging risks.
Looking ahead
The security landscape will keep evolving as AI technology advances. Stay flexible and ready to adapt your security strategy as new threats and opportunities emerge. Build strong relationships across your organization — especially with legal, development, and operations teams. These partnerships will help you respond more effectively to security challenges.
Remember that while the technology changes, your core mission remains the same: protecting your organization’s assets and enabling secure business operations. Use new tools and approaches where they make sense, but don’t lose sight of security basics in the rush to adopt AI.
Key takeaways
- AI adoption creates both security risks and opportunities. Organizations must track AI usage in vendor products, prepare for potential outages, and leverage AI to strengthen security controls.
- Identity management needs modernization to handle complex machine-to-machine interactions, dynamic permissions, and AI system access, requiring more flexible and adaptive security tools.
- AI tools can help bridge the DevOps security skills gap by automating security checks, suggesting secure code patterns, and integrating security throughout the software development lifecycle.