We asked industry experts to share one emerging cybersecurity threat that they’re particularly concerned about. Here is how they’re preparing for threats and what advice they’d give to others. Learn how to better prepare and protect your business against sophisticated attacks.
- AI Evolves from Tool to Autonomous Emerging Cybersecurity Threat
- Phishing Attacks Become Increasingly Sophisticated
- AI-Powered Social Engineering Threatens Security
- Combating AI-Enhanced Phishing with Training
- Supply Chain Attacks Target Software Dependencies
- WordPress Supply Chain Attacks Raise Concerns
- AI Amplifies Social Engineering Threat Landscape
- Open-Source Libraries Pose Hidden Security Risks
- AI-Assisted Phishing Demands Heightened Vigilance
- AI Impersonation Attacks Challenge Data Security
- Deepfake Identity Spoofing Emerges as Threat
- Third-Party Tools Increase Cybersecurity Risks
- Basic Security Measures Combat Stolen Logins
- Business Email Compromise Targets Insurance Industry
- Deepfakes Pose New Social Engineering Challenges
AI Evolves from Tool to Autonomous Threat
Agentic AI was one of the most talked-about topics at RSA this year, and it’s not just buzz. In the context of emerging cybersecurity threats, the conversation has shifted from what AI can do to what it will do when it starts making decisions on its own. These systems go beyond pattern recognition or automation. They act with intent, learn from their environment, and adjust their strategies in real time.
This isn’t theoretical anymore. We’ve already seen early signs of how attackers are testing autonomous AI to run campaigns that evolve mid-attack. These aren’t just tools running scripts. They’re systems that can plan, act, and continue learning while they’re operating—marking a new frontier in emerging cybersecurity challenges.
What stood out to me is how quickly this is moving from research to implementation. That’s why we’ve started working with clients to view AI not just as a productivity tool, but as part of the overall threat surface. Every department that uses AI needs to be part of the security conversation.
My advice is to start with visibility. In the realm of emerging cybersecurity, that means mapping out where AI systems are running, what data they touch, and who is responsible for them. Then, assess whether those systems are making decisions that impact core processes. If they are, you need controls that log behavior, monitor outcomes, and flag unusual activity. This might sound like overkill, but with agentic AI, it’s necessary. These systems don’t just fail quietly; they adapt.
We’ve been integrating these reviews into existing risk frameworks and making sure business leaders understand the implications. AI governance is no longer just a technology issue. It’s a board-level concern.
This is the next phase of emerging cybersecurity. The organizations that prepare now will be in a significantly stronger position when these systems start to appear in real-world attacks.
Trevor Horwitz
CISO, TrustNet
Phishing Attacks Become Increasingly Sophisticated
It’s not surprising that phishing is still the top way attackers gain access, but what should worry people is how much it has evolved. People still tend to assume phishing attempts will be sloppy. They expect broken English, irrelevant content, and obvious scams. However, that’s no longer the norm. The danger lies in users being trained to spot nasty phishing emails, like those that land in their personal spam folders, rather than the more convincing messages now being crafted to target organizations.
Phishing has become more personal. Attackers are using real names, scraped photos, references to publicly available company materials, and even tone and writing style to create messages that appear to originate from within the organization.
This kind of targeting used to be time-consuming. It was typically seen only in targeted spearphishing or red team engagements. However, with AI and automation, attackers can now generate thousands of highly tailored emails in minutes. Live deepfakes are the next evolution of this trend and something to watch out for. If an attacker can send a convincing email posing as your boss, the next step is appearing on a Zoom call with their face and voice, requesting access or pushing an urgent request.
The solution isn’t more of the same training that tells people to look out for typos or awkward phrasing. It involves exposing people to what these new threats actually look like, how subtle they might be, and teaching them to catch the smallest tells. This could be an oddly formal tone, a strange turn of phrase that doesn’t align with how a coworker typically writes, or language that seems to have been generated by AI. Beyond training, organizations need clear, enforced processes. These include out-of-band verification and trusted contact methods. For example, employees should pick up the phone and call a known number, not the one listed in the message, before taking any action on sensitive matters.
Zach Varnell
Cybersecurity Consultant, Asteros
AI-Powered Social Engineering Threatens Security
The most concerning emerging threat I’m tracking is the democratization of AI-powered social engineering. We’re witnessing how previously sophisticated attacks, which required skilled human operators, are now being automated at scale, making highly personalized phishing and voice impersonation attacks accessible to relatively unskilled attackers.
What makes this threat particularly insidious is its evolution beyond email. Modern social engineering attacks leverage multiple channels simultaneously—combining SMS, voice calls, and email to create convincing scenarios that bypass traditional human skepticism. These multi-channel attacks establish credibility through persistence and consistency across platforms.
The personal nature of these attacks is what truly distinguishes them. Modern AI systems can analyze your digital footprint, communication patterns, and professional relationships to craft highly personalized lures that reference real-world events and connections. This level of personalization was previously impossible at scale.
We recognized this emerging threat vector and implemented practical defense strategies accordingly. Our work in mobile security has informed our approach to these sophisticated attacks through the development of effective authentication protocols. We use out-of-band verification through pre-established channels for sensitive operations, operating independently from any communication method initiated by potential attackers.
Our security awareness approach focuses on contextual awareness, rather than solely looking for traditional indicators, such as grammatical errors. We’ve found this methodology valuable as attack sophistication has increased, helping us address evolving threats.
My advice to others is to develop communication protocols that create friction around sensitive actions. This might mean requiring video verification for specific requests or implementing mandatory waiting periods for financial transactions. While this creates some operational overhead, it’s becoming increasingly essential as voice and text synthesis technologies continue to advance.
Most importantly, foster an organizational culture where questioning unusual requests is encouraged rather than penalized, even when those requests appear to come from leadership. The most effective defense against social engineering remains human intuition when it’s supported rather than suppressed.
Simon Lewis
Co-Founder, Certo Software
Combating AI-Enhanced Phishing with Training
The major concern that’s currently capturing our attention is AI-powered phishing. It’s getting smarter, faster, and weirdly convincing. We’re not just talking about your usual “Nigerian prince” emails anymore. These scams are well-written, sound like real people, and are targeted at specific roles within a business. It’s scary how believable some of them are.
We’re tackling it with a combination of traditional training and advanced security measures. Teach people what to look out for. Keep software up to date. Use email filtering that’s actually fit for purpose. Most importantly, we help our clients create a culture where no one feels stupid for double-checking something!
Our advice is never to rely solely on tools. Technology helps, but people are the real frontline. If someone feels confident enough to say “this looks dodgy” before clicking, you’ve already won.
PS: If an email sounds urgent, emotional, or weirdly flattering, it’s probably fake. Unless it’s from your nan, then maybe it’s just nice.
Mark Dodds
Cyber Focus | Co-Owner, Compex IT | Birmingham
Supply Chain Attacks Target Software Dependencies
As someone deeply embedded in the technology sector with a focus on cloud computing and software development, one emerging cybersecurity threat that particularly concerns me is the growing sophistication of supply chain attacks. These attacks target the interconnected nature of software development, where malicious actors inject vulnerabilities into a component or tool that is widely integrated into other software applications. This can lead to widespread compromise across various platforms, given the dependency on open-source or third-party components.
Given my role in designing scalable software solutions, ensuring the security of every component is paramount. To prepare for this threat, my approach integrates several strategies:
1. Comprehensive Vulnerability Management: Implementing a rigorous process for identifying, assessing, and mitigating vulnerabilities. This includes conducting frequent code reviews, utilizing automated scanning tools, and staying current with the latest threat intelligence to identify vulnerable dependencies.
2. Secure Software Development Practices: Adopting a shift-left strategy in our development cycles to engage security early in the process. This involves integrating security checks within continuous integration/continuous deployment (CI/CD) pipelines to automatically detect and rectify vulnerabilities before moving further down the release path.
3. Education and Awareness: Regular training and workshops are conducted to ensure that everyone involved in the development process is aware of potential vulnerabilities and understands best practices for security hygiene.
4. Collaboration and Transparency: Actively engaging with the open-source community to enhance the security of widely used components.
My advice for others facing similar cybersecurity concerns is to adopt a proactive and holistic approach. Start by understanding the scope of your software dependencies and ensure that security is a critical aspect of every component from inception through operation. Collaborate with industry peers to share insights and best practices, as collective efforts often provide broader protection against complex threats.
Lastly, cultivate a culture of security within your organization, emphasizing the importance of security as an integral part of the development lifecycle, rather than as an afterthought. By staying vigilant and continually enhancing security practices, we can better safeguard our systems against the evolving landscape of cybersecurity threats.
Harpreet Kaur Chawla
Senior Software Engineer, Amazon Web Services, Amazon
WordPress Supply Chain Attacks Raise Concerns
One emerging cybersecurity threat I’m particularly concerned about is supply chain attacks—especially through trusted plugins, themes, or third-party services in the WordPress ecosystem. These attacks are difficult to detect because they often originate from components that site owners assume are safe. We’ve seen examples where compromised or abandoned plugins are sold, updated with malicious code, and then pushed to thousands of unsuspecting sites.
We’re preparing for this threat by tightening our plugin policies, monitoring for changes in plugin ownership or suspicious update behavior, and running real-time file integrity checks across all client sites. We also review plugin code before major updates and proactively remove any that no longer meet our trust criteria.
My advice to others: Don’t assume that just because a plugin is popular, it’s safe forever. Stay on top of update logs, avoid using rarely maintained tools, and use application-level firewalls and monitoring tools to detect unexpected changes. A proactive, layered approach is your best defense.
Garrett Goldman
Managing Partner, StateWP
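The file integrity check and update monitoring described above can be sketched as follows. This is an added example, not code from the contributor or from StateWP; the plugin name, file names and verdict labels are hypothetical. It assumes only that the plugin's main PHP file carries the standard `Version:` header line.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# WordPress reads a plugin's version from a "Version:" line in the main file's header comment.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.MULTILINE | re.IGNORECASE)


def snapshot(plugin_dir: Path) -> dict:
    """Record the SHA-256 of every file plus the declared plugin version."""
    files, version = {}, None
    for path in sorted(plugin_dir.rglob("*")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        files[path.relative_to(plugin_dir).as_posix()] = hashlib.sha256(data).hexdigest()
        # Only top-level PHP files can carry the plugin header.
        if version is None and path.suffix == ".php" and path.parent == plugin_dir:
            match = VERSION_RE.search(data.decode("utf-8", "replace"))
            version = match.group(1) if match else None
    return {"version": version, "files": files}


def compare(baseline: dict, current: dict):
    """Diff two snapshots and say whether the change came with a version bump."""
    old, new = baseline["files"], current["files"]
    changes = {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }
    if not any(changes.values()):
        verdict = "unchanged"
    elif baseline["version"] != current["version"]:
        verdict = "update_needs_review"   # an update arrived: review the diff before trusting it
    else:
        verdict = "unexpected_change"     # files changed with no declared update
    return verdict, changes


def demo():
    """Build a constructed plugin tree, then change it twice and compare to the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        plugin = Path(tmp) / "sample-plugin"
        (plugin / "inc").mkdir(parents=True)
        main = plugin / "sample-plugin.php"
        main.write_text("<?php\n/*\n * Plugin Name: Sample Plugin\n * Version: 1.4.2\n */\n")
        helpers = plugin / "inc" / "helpers.php"
        helpers.write_text("<?php function sp_help() {}\n")
        baseline = snapshot(plugin)

        # Case 1: files change while the declared version stays the same.
        helpers.write_text("<?php function sp_help() { /* changed */ }\n")
        (plugin / "inc" / "cache.php").write_text("<?php // new file\n")
        silent = compare(baseline, snapshot(plugin))

        # Case 2: the same tree after the header is bumped to a new version.
        main.write_text(main.read_text().replace("1.4.2", "1.5.0"))
        update = compare(baseline, snapshot(plugin))
    return silent, update


if __name__ == "__main__":
    for verdict, changes in demo():
        print(verdict, changes)
```

A version bump only moves a change from "unexpected" to "needs review"; it is not evidence that the update is safe.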
AI Amplifies Social Engineering Threat Landscape
Without a doubt, it is the ability to utilize AI to enhance and scale social engineering attacks.
Social engineering is the root cause of the vast majority of data breaches, yet many organizations treat security training and awareness as a “check the box” exercise. Companies need to invest more resources in timely, relevant security training for their employees. I would also highly recommend identifying high-value targets within the organization and providing them with additional training and protection, as they are the most likely to be specifically targeted in social engineering campaigns known as “spear phishing” or “whaling.”
Nick Mullen
CEO, Entoo Security
Open-Source Libraries Pose Hidden Security Risks
One of the most concerning cybersecurity threats today comes from compromised open-source libraries. These components are deeply embedded across software stacks, yet often go unmonitored. Attackers are increasingly exploiting this blind spot by injecting vulnerabilities into widely used packages, as seen with Log4Shell and the Event-Stream incident. The danger lies not only in direct exploitation but also in how these dependencies cascade across numerous applications.
To prepare, organizations must adopt a Software Bill of Materials (SBOM) to inventory every open-source component and track its origin, version, and risk posture. SBOMs enable continuous scanning for known vulnerabilities, ensuring faster and targeted remediation. Integrating SBOM creation into CI/CD pipelines ensures visibility and accountability from the start.
My advice: stop assuming open-source equals safe. If you’re not validating every dependency, you’re leaving a door open for attackers you’ll never see coming. Security today isn’t just about your code—it’s about everything your code touches.
Prashant Kondle
Technology Innovator
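The SBOM scanning described above, and the CI/CD dependency checks mentioned in the earlier supply chain section, could look like this as a pipeline gate. This is an added example, not code from either contributor. The SBOM uses CycloneDX-style JSON fields; the component list and the advisory feed are constructed for illustration, and the advisory ids are placeholders.

```python
import json
import re
import sys

# Constructed SBOM (CycloneDX-style fields) for a hypothetical application.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "log4j-core", "version": "2.14.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"type": "library", "name": "lodash", "version": "4.17.21",
     "purl": "pkg:npm/lodash@4.17.21"},
    {"type": "library", "name": "event-stream", "version": "3.3.6",
     "purl": "pkg:npm/event-stream@3.3.6"},
    {"type": "library", "name": "internal-utils"}
  ]
}
"""

# Constructed advisory feed; ids are placeholders and the ranges are illustrative.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "note": "Log4Shell",
     "package": "pkg:maven/org.apache.logging.log4j/log4j-core", "fixed_in": "2.15.0"},
    {"id": "EXAMPLE-ADV-0002", "note": "Event-Stream incident",
     "package": "pkg:npm/event-stream", "bad_versions": ["3.3.6"]},
]


def version_key(version: str) -> tuple:
    """Naive numeric ordering; an unparseable version sorts lowest (fails closed)."""
    match = re.match(r"\d+(?:\.\d+)*", version)
    return tuple(int(part) for part in match.group().split(".")) if match else ()


def scan(sbom: dict, advisories=ADVISORIES) -> list:
    """Return (name, version, status, advisory_id) for every component needing action."""
    findings = []
    for comp in sbom.get("components", []):
        name = comp.get("name", "?")
        # Strip purl qualifiers and subpath, then split off the version.
        base = comp.get("purl", "").split("?")[0].split("#")[0]
        package, _, purl_version = base.partition("@")
        version = comp.get("version") or purl_version
        if not package or not version:
            # No origin or no version recorded: the component cannot be checked at all.
            findings.append((name, version or None, "unverifiable", None))
            continue
        for adv in advisories:
            if adv["package"] != package:
                continue
            hit = version in adv.get("bad_versions", ())
            if "fixed_in" in adv:
                hit = hit or version_key(version) < version_key(adv["fixed_in"])
            if hit:
                findings.append((name, version, "vulnerable", adv["id"]))
    return findings


if __name__ == "__main__":
    results = scan(json.loads(SBOM_JSON))
    for row in results:
        print(row)
    sys.exit(1 if results else 0)  # a non-zero exit fails the pipeline stage
```

Treating a component with no recorded origin or version as a finding keeps gaps in the inventory from passing the gate silently.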
AI-Assisted Phishing Demands Heightened Vigilance
One emerging threat I’m closely monitoring is AI-assisted phishing, where attackers utilize generative AI to craft highly personalized and convincing messages at scale. As a cybersecurity professional and founder of a document intelligence startup, I recognize the limitations of traditional spam filters in keeping up with evolving threats. The best defense isn’t just better tools; it’s a team trained to expect sophistication, not sloppiness.
Ian Garrett
Co-Founder & CEO, Phalanx
AI Impersonation Attacks Challenge Data Security
I run a data scraping company, and since we operate in a space where bots constantly interact with websites, one of the emerging cybersecurity threats I’m most concerned about is AI impersonation attacks, especially those that mimic legitimate scraping or user behavior to gain unauthorized access to systems or data.
These attacks are becoming increasingly difficult to detect because they utilize machine learning to adapt in real-time, modifying behavior patterns to blend in with regular traffic. That makes them especially dangerous for companies that rely heavily on automation or integrate with external data sources. We’re preparing for this by investing in behavioral analytics that go beyond IP addresses and headers to examine intent. We monitor patterns like access frequency, navigation logic, and the specific data being targeted. That gives us a clearer fingerprint of whether a request is genuine or manipulated.
My advice to other businesses is not to rely on fixed rules or simple checklists. I know security can feel overwhelming, especially if it’s not your main focus. However, some tools and systems can do the thinking for you, not just blocking blindly, but asking questions, adapting, and learning over time. That’s the kind of protection you want.
Cahyo Subroto
Founder, MrScraper
Deepfake Identity Spoofing Emerges as Threat
One emerging threat I’m watching closely is deepfake-based identity spoofing. These aren’t random pranks; they’re planned exploits using harvested audio and AI stitching tools to simulate “trusted” interactions in real-time.
To prepare, we’ve started layering voice authentication protocols into any verbal approval process that affects finances or access. I’ve also implemented audio drift detection. But the biggest shift has been cultural: we’re teaching the team that verification isn’t rude, even in a familiar-sounding call. If something feels off, they now have explicit permission to pause and escalate.
Advice for others? Tighten the approval pipeline. Redefine what a “valid request” looks like, especially if it comes in over voice or video. Encourage screen-off callbacks—if someone requests urgent access via Zoom, end the meeting and reconnect on a new line.
Matt Bowman
Founder, Thrive Local
Third-Party Tools Increase Cybersecurity Risks
One emerging cybersecurity threat I’m deeply concerned about is the growing risk from third-party tools, browser extensions, and over-integrated systems—especially as AI agents and low-code automations become standard.
I’ve led infrastructure and security for HIPAA-compliant healthcare systems for over a decade—first at Eligible, now at my current company. And here’s the reality:
It’s no longer just about hardening your core infrastructure—it’s about controlling everything that plugs into it.
It’s not always a sophisticated attack—sometimes it’s a misconfigured webhook, an over-permissioned Chrome extension, or a team member granting full OAuth access to a tool they stopped using six months ago.
Recently, one of our employee Slack accounts was accessed by a security researcher as part of a responsible disclosure. The likely cause? Credential reuse or a weak password. While no significant damage occurred, it was a reminder: tools like Slack hold an enormous amount of sensitive data—from internal strategy to patient operations. A single compromised integration or account can put your entire organization at risk.
How we’re preparing:
- Every third-party tool now goes through a basic security review—no exceptions.
- MFA is enforced across Slack, Google Workspace, Notion, and more—not just production infrastructure.
- We regularly audit who has access, what is being accessed, and revoke any outdated access.
- AI tools are sandboxed, and any product that touches user data undergoes a security check.
Advice to others:
- Audit your stack like you’d audit your infrastructure.
- Ask: “What happens if this ‘harmless’ tool gets breached?”
- That’s where your real risk lives in 2025.
The future threat isn’t flashy malware—it’s quiet compromise through overlooked tools.
Gaurav Gupta
CTO & Head of Marketing, Allo Health
Basic Security Measures Combat Stolen Logins
The threat that worries me the most right now is still the mundane one: stolen logins. Brute force attacks, credential stuffing, and password spraying are not new techniques, but they continue to be effective far too often. We’ve had client sites bombarded with login attempts within days of launching. These aren’t high-profile targets, either; they’re just regular small businesses.
What has helped us is being strict about the basics. We implement the following measures:
1. No shared logins
2. Everyone uses a password manager
3. Two-factor authentication on everything
4. Close monitoring of who has access to what
We’ve also had to train clients a bit because even with a solid setup, one weak password can undo everything.
If I had to give one piece of advice, it’s this: don’t wait for something to break before you take security seriously. Most attacks aren’t clever; they rely on someone being lazy or unaware. Fix the basics. That’s where most of the risk resides.
Nirmal Gyanwali
Website Designer, Nirmal Web Design Studio
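The three login attacks named above leave different shapes in an authentication log, which the following added example separates for monitoring purposes. It is not code from the contributor; the log format, the thresholds and the use of a "known/unknown username" field as the signal that separates credential stuffing from password spraying are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from typing import NamedTuple


class LoginEvent(NamedTuple):
    ts: int      # Unix time of the attempt
    src: str     # source IP address
    user: str    # username submitted
    ok: bool     # True if the login succeeded
    known: bool  # True if the username exists on the site


def parse_line(line: str) -> LoginEvent:
    """Parse '<ts> <src> <user> <OK|FAIL> <known|unknown>' (hypothetical log format)."""
    ts, src, user, outcome, known = line.split()
    return LoginEvent(int(ts), src, user, outcome == "OK", known == "known")


def classify(events, window=600, min_failures=10) -> dict:
    """Label each source IP that exceeds min_failures inside one time window."""
    buckets = defaultdict(list)
    for ev in events:
        if not ev.ok:
            buckets[(ev.src, ev.ts // window)].append(ev)

    findings = {}
    for (src, _), fails in buckets.items():
        if len(fails) < min_failures:
            continue
        users = {ev.user for ev in fails}
        per_user = len(fails) / len(users)
        unknown_ratio = sum(not ev.known for ev in fails) / len(fails)
        if len(users) <= 2:
            label = "brute_force"          # many guesses against one or two accounts
        elif per_user <= 2 and unknown_ratio >= 0.5:
            label = "credential_stuffing"  # replayed list, mostly names that do not exist here
        elif per_user <= 2:
            label = "password_spraying"    # a guess or two across many real accounts
        else:
            label = "mixed"
        findings[src] = label
    return findings


def sample_log() -> list:
    """Constructed log lines using documentation IP ranges."""
    base = 1_700_000_400
    lines = []
    for i in range(12):
        lines.append(f"{base + i * 5} 203.0.113.7 admin FAIL known")
        lines.append(f"{base + i * 20} 198.51.100.23 staff{i:02d} FAIL known")
        state = "known" if i < 3 else "unknown"
        lines.append(f"{base + i * 2} 192.0.2.50 leaked{i:02d}@example.com FAIL {state}")
    # An ordinary user who mistypes once and then logs in is not flagged.
    lines.append(f"{base} 192.0.2.99 alice FAIL known")
    lines.append(f"{base + 30} 192.0.2.99 alice OK known")
    return lines


if __name__ == "__main__":
    for src, label in sorted(classify(map(parse_line, sample_log())).items()):
        print(src, label)
```

Per-account lockout counters see only the first of these patterns, which is why the grouping here is by source rather than by username.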
Business Email Compromise Targets Insurance Industry
One emerging cybersecurity threat I’m particularly concerned about—especially in the insurance industry and among the commercial clients I serve—is Business Email Compromise (BEC). Unlike traditional cyberattacks that exploit system vulnerabilities, BEC targets people, using deception to trick employees, executives, or vendors into transferring funds or sharing sensitive data. These attacks are sophisticated and often involve emails that appear to come from trusted sources, like a CEO, business partner, or even a client requesting urgent changes to a policy or payment details.
As a broker operating in both commercial and personal lines, I’ve seen how quickly these attacks can unfold and how damaging they can be—not only in terms of financial loss but also reputational harm. Small and mid-sized businesses across Ontario are especially vulnerable because they often lack the in-house resources to identify and mitigate these evolving threats.
We take a layered and proactive approach to cybersecurity. Our team undergoes regular training to recognize phishing attempts and suspicious email activity. We emphasize a “trust, but verify” policy for all sensitive requests—particularly those involving wire transfers, banking information, or client data.
On the technology side, we’ve implemented multi-factor authentication (MFA) across systems, enhanced our email filtering, and maintain strict access controls to ensure only the right people have access to critical data. Regular data backups and disaster recovery protocols are also key elements of our strategy.
For our commercial clients, particularly those in the construction, professional services, or technology sectors, we recommend comprehensive cyber liability insurance. We help them understand the scope of coverage needed—especially protection against BEC, data breaches, and ransomware attacks—and tailor solutions that support their specific risk profile.
Educate your team and regularly review your cyber protocols. Even the best software can’t stop a well-crafted phishing email from getting through. The most effective defense is an alert and trained workforce supported by strong internal controls.
And finally, make cyber insurance part of your business’s core risk strategy. It’s not just about recovering from loss—it’s about protecting your clients, your data, and your future in an increasingly digital world.
Rob Roughley
Senior Advisor | Commercial & Personal Lines Broker, Roughley Insurance Brokers Ltd.
Deepfakes Pose New Social Engineering Challenges
One emerging cybersecurity threat that is particularly concerning is deepfake technology used for social engineering attacks. Deepfakes can create convincing impersonations of individuals, potentially leading to fraudulent activities like unauthorized transactions or data breaches.
Preparation:
- Enhanced Verification Protocols: Implement multi-factor authentication and require additional verification steps for sensitive operations.
- Employee Training: Conduct regular training sessions to help employees recognize the signs of deepfake content, emphasizing the importance of skepticism and verification.
- Monitoring Tools: Utilize AI-driven tools to detect unusual patterns that might indicate deepfake usage.
Stay informed about developments in deepfake detection technologies and collaborate with cybersecurity experts to continuously update your defense strategies. Encourage a culture of vigilance and awareness within your organization to minimize risk.
Anshuman Guha
Staff Engineer Data Scientist, Freshworks