A Year in Review: Taking a Look Back at LevelBlue SpiderLabs’ 2025 Predictions
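The article reviews LevelBlue's predictions for 2025 cybersecurity trends, including AI-driven cyberattacks, AI-empowered defense and law enforcement, deepfake abuse, the continuing ransomware threat, and the impact of quantum computing on encryption. Most of the predictions were accurate, such as the real-world use of AI in attack and defense, deepfake fraud cases, and frequent ransomware attacks. Quantum computing has not immediately broken encryption, but it has drawn attention. 2025-12-19 15:0:1 Author: levelblue.com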

At this time last year, LevelBlue asked its experts to offer up some thoughts on what the coming year, 2025, would bring.

So, with a year of hindsight, let’s keep ourselves honest and take a look to see what we got right and where we were a bit off.

December 2025

AI-Powered Cyberattacks

Prediction: Threat actors will leverage AI technologies to automate and enhance the precision of focused cyber-attacks. As recently seen, AI can identify vulnerabilities, tailor attack strategies to circumvent defenses, and generate convincing social engineering schemes at scale. AI can automate the creation of social engineering attacks through customized phishing emails or voice messages.

CORRECT – There have been multiple examples of AI-based attacks since we made that prediction. For example, The Hacker News reported on a large-scale data extortion campaign that used agentic AI (e.g., "Vibe Hacking"). The criminals used the AI model to provide technical advice and active operational support for the attacks. Adversaries targeted about 17 distinct organizations across sectors, including healthcare, emergency services, government, and religious institutions.

AI Will Empower Cyber Defenders and Law Enforcement

We wrote that AI is poised to enhance the capabilities of law enforcement and cyber defenders, empowering them to better counteract threat actors. We expected this help in three areas: Enhanced Threat Detection and Response, Streamlined Investigation and Analysis, and Predictive and Proactive Measures.

Correct: According to a report issued by the National Conference of State Legislatures, all three have been implemented.

Real-Time Anomaly Detection: Machine Learning (ML) models were widely deployed to analyze trillions of security signals, detecting patterns, anomalies, and potential breaches at unprecedented speed, according to the Department of Homeland Security. This enabled faster detection of zero-day vulnerabilities and of sophisticated polymorphic malware that traditional signature-based tools couldn't catch.

Automated Response: An MDPI research paper noted that the adoption of AI-enhanced Security Orchestration, Automation, and Response (SOAR) platforms accelerated. These systems began performing autonomous actions, such as suspending accounts, initiating password resets, or containing threats, within seconds. This significantly reduced the mean time to detect (MTTD) and mean time to respond (MTTR), translating into millions of dollars in breach cost savings for organizations using AI.

Law Enforcement Applications: In law enforcement, AI-powered computer vision and object detection systems, such as those that detect firearms in live surveillance, have become critical for enhancing situational awareness and speeding up emergency response times, according to a US Congressional report.

Deepfakes

Prediction: Deepfake technology will be used more often for fake CEO calls and business scams. Attackers will use deepfake audio and video to impersonate company leaders during phone or video calls, tricking workers into sending money or divulging important information.

The quality of deepfakes is improving so much that even companies with high security, like banks and government offices, could fall for these fake calls. Threat actors will use deepfakes to make people believe false things about their leaders or actions. Attackers might create fake videos that depict company leaders saying controversial things or engaging in illegal activities. The goal would be to cause people to lose trust in the company or make its stock price fall. These deepfake videos might be shared at times when they can do the most harm, such as when major announcements or important deals are made.

CORRECT: Unfortunately, this prediction was also proven accurate.

One of the most egregious examples utilized a deepfake video conference scam. An employee of a multinational firm was tricked into authorizing a $25 million payment after attending a video conference where all other participants—including the CFO and senior leaders—were realistic, AI-generated deepfakes.

Another case involved real-time deepfake attacks on KYC/onboarding: fraudsters began using real-time generative AI tools (like DeepFaceLive) to impersonate individuals during video identity verification calls for banks, crypto, and fintech services, successfully driving one in 20 identity verification failures.

Ransomware: The Story Remains the Same

Ransomware continues to be a top concern of C-Suite and Boards across all industry sectors. It’s safe to predict that ransomware attacks will continue and likely intensify with more groups getting involved.

Correct: This prediction was a gimme. Ransomware remains too lucrative for threat groups to abandon, and 2025 saw several high-profile attacks. While all vertical sectors were hit, the attacks that gained the most attention were in the automotive, healthcare, and retail industries.

On September 2, 2025, Jaguar Land Rover confirmed it had been affected by a major cyber incident, forcing the company to pre-emptively shut down many of its systems, including manufacturing operations. Media reports indicated the attacker was Scattered LAPSUS$ Hunters, a group tracked and dissected by LevelBlue SpiderLabs.

DaVita, a major kidney dialysis provider, reported an incident to its clients and the SEC in August 2025, stating that it had been attacked the previous April, during which attackers gained access to its laboratory’s servers. Media reports noted the incident impacted about 2.7 million patients, resulting in more than $13.5 million in recovery costs.

Finally, 2025 saw the retail sector fixed squarely in the sights of threat actors, as several of the largest attacks involved some of the world’s best-known retail brands, including Harrods, Marks & Spencer, and Victoria’s Secret.

Quantum Computing and Encryption

Quantum computing will begin to crack strong encryption systems, prompting significant investments in quantum-resistant systems to secure information and communications. While this may not have a material impact in 2025, it will become a key focus for nation-states and organizations with sensitive data and low-risk tolerances.

Yes and No: On the negative side, defeating encryption remains beyond our ability, but Google and IBM each announced in 2025 that they had made progress in using quantum computing to break encryption.

All things considered, LevelBlue’s prognosticators did a very good job peering into the future. Sure, when it comes to cybersecurity trends, some things never or rarely change, but these predictions show that our hundreds of SpiderLabs researchers, analysts, and consultants keep a steady eye on what is happening.


Source: https://levelblue.com/blogs/levelblue-blog/a-year-in-review-taking-a-look-back-at-levelblue-spiderlabs-2025-predictions/