A global leader in cybersecurity, has issued a stark warning about the rise of highly customized AI-powered cyberattacks in its 2025 predictions report, titled “The Easy Way In/Out: Securing the Artificial Future”. These evolving threats are expected to supercharge scams, phishing, and influence operations through sophisticated AI tools and deepfake technology.
AI-Driven Threat Landscape
According to the report, malicious actors could use breached personal information (PII) to create “digital twins”—AI models trained to mimic an individual’s personality, knowledge, and writing style. When combined with deepfake video/audio and compromised biometrics, these digital twins could facilitate identity fraud, scams, and social engineering attacks.
Trend Micro highlights the following areas of concern:
- Business Email Compromise (BEC/BPC): Hyper-personalized attacks targeting enterprises.
- Fake Employee Scams: AI tools creating realistic impersonations to defraud businesses.
- Pig Butchering Schemes: Targeting victims with AI-enhanced romance scams before handing them off to human operators.
- Misinformation Campaigns: Large-scale AI-generated social media personas used to spread disinformation and scams.
AI-Specific Security Risks
Businesses leveraging AI technologies in 2025 will also face unique challenges, such as:
- Vulnerability exploitation and manipulation of AI agents.
- Information leakage from generative AI models.
- Malicious resource consumption, leading to denial of service.
Beyond AI: Emerging Cyber Threats
The report underscores other concerns, including:
- Vulnerabilities: Exploits in memory management, APIs, and container environments, as well as older vulnerabilities like SQL injection and cross-site scripting (XSS).
- Ransomware: New kill chains designed to bypass EDR tools, disrupt systems, and evade detection using BYOVD (Bring Your Own Vulnerable Driver) techniques.
Call to Action
Trend Micro urges organizations to take a risk-based cybersecurity approach. Key recommendations include:
- Implementing centralized risk assessment and asset prioritization.
- Using AI tools for threat intelligence, attack prediction, and remediation.
- Monitoring AI systems against abuse through multi-layered defenses.
- Training users to recognize AI-driven cybercrime tactics.
