March 18, 2025 5m read

2025 Cato CTRL™ Threat Report: Top 4 AI Predictions for the Year Ahead

Etay Maor

Today, Cato Networks published the 2025 Cato CTRL Threat Report. It is the inaugural annual threat report from Cato CTRL, the Cato Networks threat intelligence team. The key theme for this year’s report is artificial intelligence (AI), which reflects the current cybersecurity landscape where AI usage is skyrocketing among vendors—and threat actors. Within the report, we examine the security risks associated with LLMs and the increased adoption of AI applications within organizations in 2024.  

Most notably, the report reveals how a Cato CTRL threat intelligence researcher with no prior malware coding experience successfully tricked popular generative AI (GenAI) tools—including DeepSeek, Microsoft Copilot, and OpenAI’s ChatGPT—into developing malware that can steal login credentials from Google Chrome.  

The growing democratization of cybercrime is a critical concern for CIOs, CISOs, and IT leaders. The rise of the zero-knowledge threat actor is a fundamental shift in the threat landscape. The report shows how any individual, anywhere, with off-the-shelf tools, can launch attacks on enterprises. This underscores the need for proactive and comprehensive AI security strategies. 

As a supplement to the report, below is a summary of the top four AI predictions from Cato CTRL for the remainder of 2025.


Prediction #1: AI Agents Will Become a Prime Target to Gain Access  

AI agents, which can plan and execute actions on behalf of the user, will show up in just about every aspect of our life. These AI agents will expedite tasks by obtaining instructions via natural language, breaking the tasks down to atomic actions, and then performing those actions on our behalf. Think of trying to arrange a team meeting: emailing all participants (while coordinating multiple busy schedules), arranging a conference room (of the right size, at the right time), ordering some snacks (knowing if there are any dietary restrictions), etc. All done automatically. What bliss. 

However, when these AI agents have excessive agency (meaning excessive permissions, excessive functionality, and/or excessive autonomy), this bliss can quickly turn into a huge risk. Cato CTRL predicts that AI agents will become a prime target for threat actors to gain access.

Your AI agent has access to your file system? Sounds like a good opportunity to deploy ransomware. Your AI agent has access to your voice or image? There is potential for identity fraud. Your AI agent has access to send emails on your behalf? Business email compromise (BEC) and sophisticated phishing attacks will emerge.   
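One way to bound the three kinds of excessive agency named above is to put a deny-by-default check in front of every tool call an agent makes. The following is an added example, not code from the Cato CTRL report; the tool names, the workspace path, the mail domain and the `AgentPolicy` structure are all assumptions made for illustration.

```python
import posixpath
from dataclasses import dataclass

@dataclass(frozen=True)
class AgentPolicy:
    allowed_tools: frozenset                 # functionality: tools granted at all
    fs_root: str                             # permissions: file access stays under this root
    mail_domains: frozenset                  # permissions: recipient domains the agent may mail
    needs_approval: frozenset = frozenset()  # autonomy: tools that need a human sign-off

def path_in_root(root, path):
    """True if path, resolved lexically against root, stays inside root."""
    root = posixpath.normpath(root)
    norm = posixpath.normpath(posixpath.join(root, path))
    return norm == root or norm.startswith(root + "/")

def authorize(policy, tool, args, approved=False):
    """Return (decision, reason); decision is allow, deny or needs_approval."""
    if tool not in policy.allowed_tools:
        return "deny", "tool not granted to this agent"
    if tool in ("read_file", "write_file") and not path_in_root(policy.fs_root, args["path"]):
        return "deny", "path outside agent workspace"
    if tool == "send_email":
        outside = [r for r in args["to"]
                   if r.rsplit("@", 1)[-1].lower() not in policy.mail_domains]
        if outside:
            return "deny", "recipient outside allowed domains: " + ", ".join(outside)
    if tool in policy.needs_approval and not approved:
        return "needs_approval", "human confirmation required"
    return "allow", "ok"

# Hypothetical meeting-scheduling agent: may read its workspace, book rooms and send mail,
# but cannot write files, and every outgoing email needs a human to confirm it.
MEETING_AGENT = AgentPolicy(
    allowed_tools=frozenset({"read_file", "book_room", "send_email"}),
    fs_root="/srv/agent/meetings",
    mail_domains=frozenset({"example.com"}),
    needs_approval=frozenset({"send_email"}),
)

if __name__ == "__main__":
    print(authorize(MEETING_AGENT, "write_file", {"path": "notes.txt"}))
    print(authorize(MEETING_AGENT, "read_file", {"path": "../../../etc/passwd"}))
    print(authorize(MEETING_AGENT, "send_email", {"to": ["bob@example.com"]}))
```

The path check is lexical only; a real deployment would also need to resolve symbolic links before comparing against the workspace root.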

Prediction #2: Threat Actors Will Prioritize Designing Prompts to Evade Security Controls in AI Modules 

With AI being used in so many solutions and applications, the field of jailbreaking and prompt engineering of AI modules has gained huge popularity. So much so, that popular security conferences (such as DEF CON in Las Vegas) already have villages and competitions where participants compete in making AI behave according to their needs.  

With the cybersecurity industry implementing AI for everything from data analysis to suspicious code reviews, Cato CTRL predicts that threat actors will prioritize the design of prompts to evade security controls in AI modules. Sometimes it’s not about making the AI module do something bad, but rather about becoming invisible to the AI module—from a code analysis tool to an image analysis system. You cannot be detected if you are not seen. 

Prediction #3: AI-Based Scams Will Become the Norm  

While initially met with skepticism, evident in the fact that I have personally witnessed Russian underground members argue that AI will take years before it is usable by them for their malicious purposes, AI-based scams are gaining traction. In recent months, Cato CTRL has observed a sharp increase in the number of offerings in the cybercrime underground that use an AI tool on the backend to perpetrate scams like document forgery, identity fraud, and more. For example, we published findings in October 2024 on ProKYC, a deepfake tool that enables new account fraud against cryptocurrency exchanges.  

The use of AI-based image, video, and voice generation tools has sped up scams and raised the quality of their output, which creates multiple issues. Not only can threat actors generate the scam they need faster and better, but creating fake data is also easier than ever (for example, generating data about a company that was claimed to have been breached). Cato CTRL predicts that AI-based scams will become the norm because of these AI-based tools and services.

Prediction #4: Shadow AI Will Be One of the Top Security Risks in 2025 

Just as the application security challenges of the early 2000s are being reimagined and are reemerging as AI security challenges, so are the IT problems. Remember shadow IT? Introducing shadow AI.

The CIO, CISO, and IT leader now must understand the privacy, security, regulatory, compliance, and other risks that AI tools represent. Just like shadow IT, the issues with shadow AI are:

  • Visibility: Do you know this is happening on your network? 
  • Context: Do you know which user is using what AI tool, for what purpose, and with what data? 
  • Policy: Can you handle each AI tool with different levels of scrutiny and granularity? 
  • Enforcement: Can you apply policies across every user, device, and AI tool on your network? 

With the proliferation of AI tools, enterprises are struggling to keep up with what AI tools their employees are bringing into the network. As a result, Cato CTRL predicts that shadow AI will be one of the top security risks for organizations in 2025.
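The four questions above (visibility, context, policy, enforcement) can be walked through over web proxy logs. The following is an added example, not code or data from the Cato CTRL report; the log format, the tool catalogue, the per-tool rules and the upload cap are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Assumed catalogue (policy): hostname -> (tool, rule, per-request upload cap in bytes)
AI_TOOLS = {
    "copilot.microsoft.com": ("Microsoft Copilot", "allow", None),
    "chatgpt.com": ("ChatGPT", "limit_upload", 10_000),
    "chat.deepseek.com": ("DeepSeek", "block", None),
}

# Constructed proxy log lines: timestamp user device host bytes_out
SAMPLE_LOG = """\
2025-03-18T09:00:01Z alice laptop-17 copilot.microsoft.com 2048
2025-03-18T09:02:10Z bob laptop-22 chatgpt.com 512
2025-03-18T09:03:44Z bob laptop-22 chatgpt.com 48000
2025-03-18T09:05:00Z carol phone-03 chat.deepseek.com 900
2025-03-18T09:06:12Z carol phone-03 intranet.example.com 300
this line is malformed and must be skipped
2025-03-18T09:07:30Z dave laptop-09 api.chatgpt.com 700
"""

def match_tool(host):
    """Visibility: map a hostname (or any subdomain of it) to a catalogued AI tool."""
    host = host.lower().rstrip(".")
    for domain, entry in AI_TOOLS.items():
        if host == domain or host.endswith("." + domain):
            return entry
    return None

def decide(rule, cap, bytes_out):
    """Policy: a different level of scrutiny per tool."""
    if rule == "block" or (rule == "limit_upload" and bytes_out > cap):
        return "block"
    return "allow"

def triage(log_text):
    """Return (events, usage): one decision per AI request, and bytes sent per (user, tool)."""
    events, usage = [], defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue  # skip malformed records rather than guessing
        ts, user, device, host, size = fields
        entry = match_tool(host)
        if entry is None:
            continue  # not an AI tool in the catalogue
        tool, rule, cap = entry
        # Context: who, on which device, which tool, how much data; Enforcement: the action
        events.append((ts, user, device, tool, decide(rule, cap, int(size))))
        usage[(user, tool)] += int(size)
    return events, dict(usage)
```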

Resources 

  • Download the 2025 Cato CTRL Threat Report. It is the inaugural annual threat report from Cato CTRL, the Cato Networks threat intelligence team. The key theme for this year’s report is AI.  
  • To learn more about the 2025 Cato CTRL Threat Report, register for SASEfy 2025 (Cato’s global virtual event on SASE and AI) on Tuesday, April 15 at 12 p.m. ET. 
  • Follow Cato CTRL’s new account on X.  


Etay Maor is the chief security strategist at Cato Networks, a founding member of Cato CTRL, and an industry-recognized cybersecurity researcher. Prior to joining Cato in 2021, Etay was the chief security officer for IntSights (acquired by Rapid7), where he led strategic cybersecurity research and security services. Etay has also held senior security positions at Trusteer (acquired by IBM), where he created and led breach response training and security research, and RSA Security’s Cyber Threats Research Labs, where he managed malware research and intelligence teams. Etay is an adjunct professor at Boston College and is part of the Call for Paper (CFP) committees for the RSA Conference and Qubits Conference. Etay holds a Master’s degree in Counterterrorism and Cyber-Terrorism and a Bachelor's degree in Computer Science from IDC Herzliya.
