TLDR: Trend Micro’s “State of AI Security Report, 1H 2025” reveals that 93% of security leaders expect daily AI-driven attacks in 2025. The report emphasizes the critical need for secure-by-design AI systems and highlights evolving threats from agentic AI, deepfakes, and malicious digital twins.
The digital security landscape is bracing for a significant shift in 2025, with artificial intelligence (AI) poised to become both a powerful tool for defense and a formidable weapon for cybercriminals. According to Trend Micro’s “State of AI Security Report, 1H 2025,” a staggering 93% of security leaders anticipate facing daily AI-powered cyberattacks in the coming year. This alarming statistic underscores the urgent need for organizations to re-evaluate their security strategies and adopt a “secure-by-design” approach to AI systems.
The report highlights the dual nature of AI’s impact on cybersecurity. While AI offers efficiency gains for businesses, it also empowers threat actors, leading to more sophisticated and pervasive attacks. The World Economic Forum’s Global Cybersecurity Outlook report corroborates this, with 66% of surveyed organizations expecting AI to have the most significant impact on cybersecurity this year.
One of the most concerning predictions from Trend Micro is the emergence of malicious “digital twins.” These advanced AI constructs leverage personal information to train large language models (LLMs) to mimic a victim’s personality, knowledge, and writing style. Combined with deepfake technologies and compromised biometric data, these digital twins could facilitate identity fraud or deceive individuals’ families, friends, or colleagues. Mick McCluney, ANZ Field CTO at Trend Micro, emphasizes, “As generative AI makes its way ever deeper into enterprises and the societies they serve, we need to be alert to the threats. Hyper-personalised attacks and agent AI subversion will require industry-wide effort to root out and address.”
Beyond digital twins, the report outlines several other critical threats. Advanced AI techniques, such as deepfakes, are expected to be used in large-scale attacks to increase business compromise, orchestrate “fake employee” scams, and enhance adversaries’ open-source intelligence capabilities. AI enhancements could also bolster pre-attack preparation and increase attack success by creating plausible social media personas to propagate misinformation and scams.
Red flags for businesses adopting AI in 2025 include potential exploits such as the hijacking of AI agents to perform unauthorized actions, information leakage from generative AI, and resource consumption leading to denial-of-service attacks. The report also points to vulnerabilities like memory management bugs, exploits targeting APIs, and older vulnerabilities such as cross-site scripting and SQL injections.
In response to these escalating threats, Trend Micro advocates for a risk-based cybersecurity approach. This involves central identification of assets, prioritized risk assessment, and leveraging AI for threat intelligence and asset management. The company also recommends updating user training in line with AI advancements and securing AI technologies to prevent abuse. The report stresses the importance of understanding an organization’s position within the supply chain and addressing vulnerabilities in public-facing servers. As McCluney aptly puts it, “Business leaders should remember that there’s no such thing as standalone cyber risk today. All security risk is ultimately business risk, with the potential to impact future strategy profoundly.”
Also Read:
- AI Agents Accelerate Zero-Day Exploits, Challenging Cybersecurity Defenses
- AI Agents Revolutionize Cybersecurity: A New Era of Human-Machine Collaboration Emerges
The growing AI footprint is set to permeate many facets of our lives, from digital assistants to AI agents automating business decisions. The inclusion of a dedicated AI category in Pwn2Own, a premier hacking competition, further acknowledges AI’s pivotal role in reshaping cybersecurity. This new category, which debuted at OffensiveCon in Berlin, highlights the critical need for AI systems that are secure by design, rather than leaving defenders on the back foot. Trend Micro’s report, drawing insights from Pwn2Own’s inaugural AI wins and their latest research, offers an extensive exploration into both the promises and perils associated with AI use, examining the evolving threat landscape introduced by next-generation agentic AI.
