Researchers at Google Cloud have warned that cyberattacks may surge in 2025 as threat actors increasingly adopt AI-based tools for their malicious online activity. In its ‘Cybersecurity Forecast 2025‘ report, the tech giant anticipated that AI and large language models (LLMs) will be harnessed by threat actors to develop more convincing phishing, SMS, and other social engineering attacks.

Researchers at Google Cloud Security also warned that hackers may tap deepfakes for fraud, identity theft, and compromise know-your-customer (KYC) authentications, in addition to other applications like vulnerability research, systems reconnaissance and code development.

Google Cloud Cybersecurity report: Other key forecasts

The Cybersecurity Forecast 2025 indicates that organisations may be hit more frequently by cyberattacks as AI capabilities become more widely available next year. The report also predicts that 2025 will be a transition year for AI in cybersecurity generally, with the technology beginning to facilitate semi-autonomous security operations ahead of becoming fully autonomous in the near future.

Ransomware and data theft extortion, too, will continue to cause disruption next year, claimed Google Cloud. Researchers from the provider also shared their growing concerns about infostealer malware and the vulnerability of hybrid environments to breaches. As such, Google Cloud called on organisations to shore up their cybersecurity protocols by adopting endpoint detection and response (EDR) platforms within their security architecture. However, it also cautioned that, in 2025, threat actors may use custom malware for embedded systems to gain access to such environments.

Further, the Cybersecurity Forecast 2025 report said that many less skilled threat actors may engage in malicious activity as more tools, phishing kits, and ‘as-a-service’ resources become easily available.

In 2025, the industry may see increasing adoption of cloud-native security information and event management (SIEM) solutions. Cryptocurrency organisations and Web3 may also continue to grow, which may, in turn, invite fresh vulnerabilities.

Continuous monitoring, threat intelligence, and compliance with evolving regulations will help tackle emerging threats, the report concluded.

Read More: 80% of UK businesses likely to outsource cybersecurity operations within two years