In recent years, the tech industry has undergone significant transformations. The rise of AI has been particularly notable, with tools like ChatGPT and Google’s Bard becoming commonly used across industries. The convergence of 5G and the Internet of Things (IoT) has greatly impacted industries, supporting the growth of smart homes, healthcare, and autonomous vehicles.
Looking ahead to 2025 and beyond, the tech landscape is poised for further advancements. We can expect significant progress in AI, data analytics, and automation technologies, which will continue to drive innovation across various fields. Below, technology experts have provided their predictions for the year ahead and beyond.
Bruce Kornfeld, Chief Product Officer, StorMagic
“Companies are also ready to end their cloud love affair. As companies reassess their cloud commitments, we predict a notable trend towards repatriating workloads from the cloud back to on-premises infrastructures by 2025. This shift will be driven by cloud lock-in challenges and the need for greater control over data and costs, with HCI technologies playing a crucial role in facilitating this transition.”
“In 2025, attackers will escalate their focus on software supply chain vulnerabilities, exploiting both known and overlooked weaknesses:
- They will target gaps in how software producers secure their Software Development Life Cycles (SDLCs), allowing malicious components to infiltrate products and enable both targeted and opportunistic attacks.
- Neglected software in critical business processes, often obscure or niche, will become prime targets due to vulnerabilities, insecure default settings, or poor authentication practices.
- Additionally, attackers will increasingly exploit widely used third-party software through existing CVEs, abusing its built-in functionality to evade detection.
- Criminals and non-state threat actors will increasingly employ software supply chain methodologies that had solely been the domain of sophisticated nation-states.
Most organizational supply chains will also experience pain points like limited visibility into software risk, an overload of vulnerability data, and software sprawl as an expanding attack surface.
The reality is organizations currently struggle with the sheer volume of disclosed vulnerabilities, often wasting resources on low-risk issues while critical patches are delayed, and 2025 won’t be any different in that regard.
Security teams in 2025 can’t afford to just react as cyberattacks occur and regulations change. As an industry, we lagged in 2024; in 2025, CISOs and their teams need to proactively lead efforts to secure software supply chains. With evolving software transparency demands on the horizon and increased cyberattack activity, companies must adopt rigorous software inventories, embrace continuous risk monitoring, demand vendor transparency, and leverage behavioral analytics.”
Dane Sherrets, Staff Innovation Architect, HackerOne
“I expect we’ll see greater industry adoption of AI security and safety standards, with a focus on benchmarks that improve AI transparency. One emerging example of this is an increased focus on AI model cards. Model cards, much like nutrition labels on packaged goods, provide a summary to inform potential users about how the models are intended to be used, details on performance evaluation procedures, metadata about the datasets behind the model, and more.
I’m also confident we will see more organizations become more concerned with responsible AI adoption and use adversarial testing methods, like AI red teaming, to identify safety and security challenges in GenAI. Every industry and organization has different definitions for how they want a model to behave and what they define as harmful outputs, so engagements like AI red teaming will be essential if teams want to minimize risk and continuously ensure that models cannot be used in ways that a company would consider harmful.”
Katie Paxton Fear, Principal Security Researcher, Traceable AI
“One of the big trends we’ve seen in 2024 has been an increase in attacks that target API-powered infrastructure, where an organization might use a piece of software like Docker, they can enable a web API to help them manage it.
These APIs are often helpfully enabled by default, which has led to them becoming a target, particularly when organizations don’t know the APIs are even there. While we may not see a steep increase in API attacks, we can expect to see these more targeted, subtle API attacks against APIs that defenders don’t even know are available. The best thing defenders can do is ensure they have full visibility for their APIs, regularly checking for new deployments. There are a lot of API security tools on the market now and as we see AI being added more and more, it’s important that teams critically analyze what AI technology is in place, and how it is being used. Rather than rushing to implement new technology, a more conservative approach that focuses on proven solutions can be a better choice for most teams.”
Nick Mistry, SVP, CISO, Lineaje
“In 2025, the security risks posed by external partners will contribute to an increase in software supply chain attacks. Organizations today heavily rely on third parties to conduct day-to-day activities, especially for business-critical applications. The modern software ecosystem contains code, libraries, plugins, and other components from third parties to develop and run software. On average, most companies work with 11 third parties.
While open-source software and increased collaboration contribute to innovation, it doesn’t come without risk. Of those 11 third parties, 98% have experienced a breach. Lineaje research found that an average of 250 components with unknown origins lurk within every application, creating significant points of exposure for the software supply chain — sometimes even years later.
We recently saw this play out when Amazon’s third-party property management vendor came out as the latest victim in the MOVEit Transfer incident. Despite the initial breach happening in 2023, Amazon employee data stolen from the breach was recently posted on a cybercrime forum.
To change the narrative in 2025 and beyond, organizations must have an effective third-party risk management plan. Doing so will enable organizations to promptly identify and reduce any risks resulting from vendor partnerships. Specifically, businesses need to be able to proactively detect and address risks in the software supply chain and use solutions that provide frequent security audits, assessments, and ongoing third-party software monitoring.
This all points to more regulation and compliance around software supply chain security in 2025, including further developments of EO14028 when it comes to mandatory SBOM implementation. We’ve already seen sectors like the Army require SBOMs with more branches expected to do so as well. With the rapid adoption of AI, I anticipate more guardrails on AI security when it comes to securing the AI supply chain too.
Before the New Year begins or shortly thereafter, organizations should reassess third-party security practices and stay up to date with related regulations — before the next vulnerability becomes a costly breach and tears down your organization’s reputation.”
Wayne Hurd, VP of Sales, Luminys
“Looking ahead to 2025, the security landscape is set for major transformation, with Video Surveillance as a Service (VSaaS) poised to reshape safety strategies. VSaaS empowers organizations with cloud-based, real-time monitoring, reducing the need for costly on-site infrastructure while enabling more agile, scalable surveillance.
Advancements in artificial intelligence and machine learning will further enhance VSaaS, providing more accurate threat detection that allows security teams to focus on real risks, minimizing false alarms—a critical step for safeguarding communities and businesses as timely response becomes essential.
Cybersecurity will be paramount as threats evolve amid a shifting geopolitical landscape. By leveraging cloud-based systems, VSaaS can support regulatory compliance across the supply chain, helping to build trust among stakeholders.
Sustainability is emerging as a priority, particularly for younger generations who expect eco-friendly solutions. VSaaS reduces hardware requirements and energy consumption, supporting organizations’ environmental goals while meeting customer expectations.
For business leaders, a key piece of advice is to adopt a customer-centric approach. Understanding and addressing customer needs should guide strategic decisions. By being present at the right times and in the right places, organizations can position themselves as trusted partners in this dynamic security environment. Embracing these trends can help create a safer and more sustainable future for all.”
Mario Vargas Valles, VP Global Technology Alliances, Protegrity
“As we look toward 2025, I see AI transforming the data protection landscape in exciting ways. Enhanced threat detection with tools like Generative Adversarial Networks (GANs) will help us proactively identify and address vulnerabilities by simulating cyber-attack scenarios, letting us strengthen our defenses before threats strike.
Automation will be another game-changer, especially in incident response. By handling routine security tasks like monitoring and responding to low-level threats, AI will allow us to streamline remediation at both the physical and logical levels, making data protection faster and more efficient.
I also anticipate AI-driven advances in encryption, potentially developing stronger algorithms that secure data both at rest and in transit. Privacy-preserving data analysis is on the horizon too, with differential privacy techniques allowing us to analyze data without compromising individual privacy.
AI’s ability to read and interpret compliance requirements through Natural Language Processing (NLP) will help ensure regulatory alignment, adding layers of security across regions and industries. And as regulations tighten globally, AI itself will need to meet high transparency standards, actively supporting data governance with automated discovery, classification, and quality control processes.
In short, these innovations are poised to make data protection smarter, faster, and more secure—taking us into a new era of proactive data defense.”
Rahul Kannan, President, COO and Head of GTM, Securin
“As we look ahead to 2025, the cybersecurity landscape is entering a transformative phase, as organizations begin adopting proactive and AI-driven defenses to keep pace with the increasingly sophisticated and fast-evolving attack surface. The integration of open-source tools, coupled with a rapid influx of new solutions, will drive businesses toward rationalizing their tech stacks to focus on continuous threat exposure management and predictive technologies that detect vulnerabilities and anticipate attacks in real-time.
Organizations are not fully prepared for the frequency of breaches, and as they face a crowded cybersecurity marketplace with thousands of tools, they’ll have to make strategic decisions on consolidating or rationalizing their tech stack. This rationalization process will center on identifying essential tools, managing tech debt, and integrating new, effective solutions that align with a Zero Trust framework. Secure-by-design principles, continuous authentication, micro-segmentation, and strict access controls will become foundational, ensuring every network interaction is verified, and development practices bolster resilience against potential vulnerabilities.
The hybrid work environment has also significantly expanded the attack surface, rendering perimeter-based security obsolete. The recent CrowdStrike outage underscored the impact of flaws in development, demonstrating that secure coding practices are crucial to preventing disruptions. As breaches continue to escalate in frequency and cost, the demand for cyber insurance and heightened regulatory compliance will rise, pushing companies to not only protect their data but to prove adherence to evolving security standards.
In 2025, security will transcend basic threat defense, becoming about building resilient systems, developing safer code, and creating digital environments that safeguard against tomorrow’s threats from the outset.”
Or Shoshani, CEO, Stream.Security
“In 2024, more than half (65%) of all breaches involved cloud data. Suppose organizations don’t adapt to the cloud’s dynamic nature. In that case, the number of breaches traceable to the cloud, which is already disproportionately high, will continue to strain overworked security operations (SecOps) teams in 2025 and beyond.
Even though 94% of organizations worldwide use the cloud in some capacity, most SecOps teams still rely on alert-based tools designed for solely on-premises environments. Unfortunately, these tools often miss information related to exposure and attack paths, which results in an inability to identify real threats and valuable time lost to investigating false positives.
To change the narrative and reduce the number of cloud-based attacks, organizations should consider bringing a real-time cloud perspective to security operations centers (SOCs) to ensure consistent threat detection and response across your entire infrastructure. In turn, this will reduce costs, mean-time to respond (MTTR), and significantly reduce the risk of material breaches.”
Prashanth Nanjundappa, VP, Product Management, Progress
“QAOps integrates quality assurance into the DevSecOps pipeline, helping ensure QA is part of the software development lifecycle. This enhances collaboration between development, operations and QA teams so quality is maintained throughout the development process, leading to faster releases and more reliable software, which is the fundamental objective of DevOps methodology.
However, DevOps did not identify QA teams as a team outside the “Dev” team, whereas QAOps is compartmentalizing the role of QA in DevOps. Below are a few ways in which this specific focus will help DevSecOps adoption further:
- Real-Time Reporting: QAOps provides real-time reporting and dashboards that offer insights into the testing process. This transparency helps teams make informed decisions and quickly address any issues that arise.
- Shift-Left Testing: QAOps promotes the shift-left testing approach among QA professionals where testing is performed earlier in the development process. This helps with identifying defects early, reducing the cost and effort required to fix them later.
- Collaboration and Communication: QAOps fosters better collaboration between QA, development, operations and security teams. This integrated approach reinforces that security is a shared responsibility and helps confirm all teams are aligned on security goals.”
Frances Kleven, Senior Director of Core Customer Experience, LearnUpon
“Customer retention is everything in today’s saturated business markets. We’re all aware the cost-gains of retaining existing customers outweigh that of acquiring new ones. As a result, customer education is becoming an increasingly important tool in an organization’s arsenal.
Customer education is set for an evolution in 2025 as organizations embrace customer training academies that allow scalable, on-demand delivery of tailored learning experiences. The challenge is that with the rise of customer academies, organizations are grappling with how to make each learning experience truly impactful. The solution lies in more personalization—a strategy that transforms generic learning into tailored journeys that resonate with individual users.
The cornerstone of effective personalization is customer data. Insights such as a customer’s stage in their journey, product usage patterns, pricing plan, and more can serve as powerful tools for crafting bespoke learning experiences. By leveraging this data, organizations can elevate their customer academies into dynamic platforms that drive engagement, value, and loyalty.”
Sydney Hockett, Vice President, Evergreen
“As we quickly approach 2025, I expect that we will see the M&A landscape be significantly influenced by the ongoing advancements in AI and other strides in digital transformation. These technologies are not just trends – they are reshaping the very fabric of our industry. Businesses that invest in AI and these emerging technologies will see enhanced efficiency and improved financial performance which will make them appear more attractive to investors. This shift will drive higher valuations and create more lucrative exit opportunities.
In 2025, the predictability and durability of MSPs will continue to make them prime targets for acquisition. Their mission-critical nature ensures a steady stream of interest from investors looking for stable and reliable returns. As AI and digital transformation become more integrated into business operations, we can expect a surge in M&A activity focused on companies that are leading in these areas. The best MSPs will evolve, if they haven’t already, from being reactive service providers, to proactive technology advisors for their customers.
Overall, I believe that the M&A landscape in 2025 will be characterized by a strong emphasis on technological innovation and strategic investments in AI and digital transformation. This will not only change how businesses operate but also redefine the criteria for successful acquisitions and investments.”