Login
iscover
Nanhi Singh, Chief Customer Officer and GM of Application SecurityShare this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Nanhi Singh, chief customer officer and general manager of application security, Imperva, believes the latest advancements in Generative AI (GenAI) and the exponential use of APIs, plus their reliance on third parties, will redefine the cyber threat landscape in 2025.
Here are her five predictions for the year ahead.
A prompt injection breach will lead to AI disillusionment
Generative AI has introduced a groundbreaking application: the natural language interface to data. However, this innovation brings a new threat vector – prompt injection – for which there is little to no security currently available.
In 2025, a leading global company is likely to lose significant intellectual property due to a prompt injection breach. It’s likely to plunge AI into the “trough of disillusionment” faster than anticipated, undermining the perceived benefits and reliability of AI systems.
A GenAI-enabled super hacking tool will redefine script kiddies
With GenAI, even inexperienced operators who previously needed some degree of technical skill or knowledge are now able to launch sophisticated attacks with minimal effort. Cyber security professionals, as a result, will face significant challenges in protecting their networks.
Imagine, a cyber attack tool that requires only the name of a corporate target to set off a series of malicious activities. Thanks to GenAI, it could well happen in 2025. Threat actors could use this to automatically generate and send phishing emails, and then once inside a target network, leverage the technology to gain further levels of access.
We will see a significant open-source supply chain attack
The increasing complexity and interconnectedness of software supply chains make them attractive targets for cyber criminals. We’ve seen this already with the XZ Utils SSH attack, where malicious actors can introduce backdoors into widely used open-source libraries, compromising the security of countless systems that rely on these components. The success of such an attack hinges on the attackers’ ability to exploit the trust placed in open-source software and the often limited security measures in place to protect these projects.
In 2025, we are likely to witness a significant open-source supply chain attack, but with a higher probability of success. To reduce the risk of such attacks, organisations need a multi-layered security approach.
This includes implementing stringent security measures like regular code audits, automated vulnerability scanning, and robust access controls, alongside sharing threat intelligence and best practices within the cyber security community. Additionally, maintaining a clear inventory of all software components and their dependencies can help quickly identify and address vulnerabilities.
There will be a significant breach related to APIs of LLM-based applications
As organisations continue to embrace large language model (LLM)-based applications, the use of custom components such as LLM agents will become increasingly widespread. These components often rely on APIs to function and integrate seamlessly with other systems.
In 2025, we will witness at least one high-profile security breach involving an LLM application, specifically related to vulnerabilities in its API connections. This anticipated breach will likely draw considerable attention, highlighting the urgent need for robust API security measures.
API boom will draw attention to data leakage and API abuse, and yield transition to DevSecOps teams
Next year will mark four years of APIs taking over our world. According to recent Imperva research, the average enterprise managed 613 API endpoints last year, while API-related security issues are costing organisations as much as US$87 billion annually. With their undeniably useful seamless integration linking data sources together, they naturally attract hacker interest.
As more organisations continue to adopt APIs in 2025, these increasing risks will force their hand in improving their security posture right from the outside of development.
We’ll continue to see the transition to DevSecOps modes of operations so that security is effectively built into development from the start. With these transitions, organisations will adopt observability and automated detection and response solutions to increase security without adding overhead to development processes.
Be the first to hear the latest developments in the cyber industry.
