A look forward

This year’s cloud security story is still unfolding, but a few things are clear: attacks are fast, environments are dynamic, and the expectations sitting on security teams have never been higher (we say this every year).

Yet amid this urgency, security is undergoing a transformation. Investment in doing security the right way makes a meaningful difference in addressing and reducing organizational risk. Security teams are investing in the right foundations today – open innovation, AI, and runtime visibility – and they’re making marked improvements: not just reacting to threats, but laying the groundwork for long-term resilience. This isn’t a trend; it’s a strategic and fundamental shift within modern security with measurable impact.

As we look ahead to the second half of 2025 and beyond, we expect to see the following:

1. An increase in the number and frequency of threats targeting AI infrastructures.

As organizational AI implementations continue to grow and develop, attackers will continue to follow the data, money, and computing power. We first identified LLMjacking in early 2024, and have witnessed and continued to report on the development of a massive underground market. We’ve since discovered successful AI-generated malware. As victims innovate, so do attackers.

2. Expect to see “AI as a tool” evolve into “AI as a partner.”

With platform-integrated AI like Sysdig Sage already driving faster investigations and remediation, AI has pushed beyond being just a chatbot. We anticipate that a shift from AI to agentic AI is coming soon, where it starts making containment decisions, triggering actions, and defending systems with only human oversight.

3. The gap between security and developers will continue to close.

Security responsibility isn’t just being shifted left, it’s being shared. With developer-friendly remediation context and less noise, security will become natural, not painful. Together, these teams will treat security issues the way developers treat bugs – triage, prioritize, and fix at the speed of new code.

4. Supply-chain attacks and CI/CD exploits will continue to test boundaries.

Expect to see more defaults bypassed and conveniences tested. Fortunately, most of this year’s findings have come from proactive security researchers, but don’t be surprised if someone gets caught flat-footed. Runtime will be the only defense once code is run.

5. Industry targets will continue to change and evolve quickly.

First, Scattered Spider targeted multiple retail businesses; then they used the same tactics in the insurance and aviation sectors. Even after warnings, their success persisted. If you think your industry isn’t next, you’re already behind.

Security never sleeps, and neither do we

Security isn’t slowing down – it never has, and neither should you. At Sysdig, we’re going to continue pushing for speed, clarity, and community. Next year’s “Cloud-Native Security and Usage Report” will be here before we know it, and rest assured we’ll be watching what happens between now and then: contributing to Falco, sharing threat research, and continuing to make the digital world a safer place. Until then …
