As we move into 2025, generative AI and other emerging technologies are reshaping how businesses operate, while at the same time giving them different ways of protecting themselves. All these changes mean that a company’s risk of an adverse cyber event continues to increase.
The speed at which cyber attackers are moving presents some massive challenges that organizations must be prepared for in the coming year, especially as innovations like generative AI continue to proliferate.
The impact of AI on data security in 2025
It’s no surprise as generative AI matures and is adopted by more enterprises, that threats against data security will only continue to grow. We already see it happening. For example, Copilot rollouts, while incredibly powerful in helping users find information more easily, introduce a new opportunity for inappropriate access and sharing if sensitive information isn’t properly secured before (and even during and after) the rollout. This trend is accelerating, with AI innovations coming online faster than enterprises can adapt their security controls.
The more AI-powered tools are integrated into business workflows, the greater the risk of sensitive data becoming exposed. These solutions make it easier to access once-hidden data, so it has never been more important to maintain strong security controls before broadly deploying generative AI.
Pain points of securing AI and data
One major challenge organizations are sure to face in 2025 will be securing generative AI agents and chatbots. As companies increasingly rely on these tools to streamline customer service and internal operations, the associated risks multiply.
Will chatbots and generative AI introduce unique risks to businesses in the new year? Absolutely. There have been several examples of AI agents giving bad advice or disclosing private information that was never intended for distribution. Chatbots allow businesses to quickly answer customers’ most frequently asked questions without the need to employ a large customer service staff. However, bad actors are finding ways to exploit this automation and data query functions through what is called a prompt injection attack. Prompt injection attacks are a relatively new attack vector aimed at bypassing safety guardrails which will only grow in frequency and sophistication.
To counter these threats, security vendors, AI vendors, and enterprises must work collaboratively. A multi-pronged approach is crucial here, and should involve preventive measures, effective data governance, and rigorous user training.
On the users’ side, maintaining security best-practices and good security hygiene has never been more important. Businesses need to focus their efforts on improving prevention guardrails as well as rapid response capabilities for forensic analysis, incident response, and remediation. They should also strongly consider a proactive approach to data security by implementing an AI-based Data Security Governance platform to identify and inventory sensitive data assets, assign classifications, and enforce access governance policies. Knowing what sensitive data their organization has in its possession, where its located, and having controls over how it is shared will greatly reduce the risk of unauthorized access and data loss.
On the vendor side, continuous innovation will be key.
Adversaries are adapting, too
AI has been a beneficial game-changer for adversaries. As generative AI costs decline, the scale of attacks utilizing that technology will only grow. I expect bad actors to continue leveraging new AI innovations in 2025 to exploit new and often overlooked vulnerabilities.
Autonomous AI agents are becoming very sophisticated and it is possible for those agents to carry out entirely automated attacks. The potential for automated and highly scalable attacks by these agents means enterprises must rethink their defensive strategies. Automated adversaries will target weaker organizations with unprecedented speed, so it’s crucial to focus on real-time defense capabilities and take a proactive approach to identifying risks before they become breaches.
Any good news about data security management?
While 2025 is sure to bring about considerable risks, I remain cautiously optimistic about improving the threat landscape. Security posture management—whether it’s in the cloud, applications, or data—is now recognized as a key component in managing enterprise risk. The industry is increasingly aware of these needs, and there is exciting innovation taking place, driven by both established players and promising startups.
For an effective security posture, companies need a shift in organizational mindset. They should prioritize comprehensive security strategies that apply to their cloud environments, application landscapes, and most crucially, sensitive data which resides across all of it.
Securing the future
2025 should be a year of adaptation—for both defenders and attackers. With generative AI continuing to influence every aspect of how businesses operate, attack risks will expand, as will the sophistication of threats. But with awareness, proactive measures, and a collaborative industry-wide effort, there is a path forward.
I expect to see advances in the efficacy and capabilities of technologies across the spectrum. Assessing, monitoring and mitigating risk holistically, not in isolated silos, but rather bringing together users, permissions, activity and data to provide an integrated view will be critical. Startups are innovating in this space for effective Data Security Governance, and I’m optimistic about the future.
