AI and Cybersecurity - 2025 Reports and Trends
AI and Cybersecurity may be the way forward to standardize governance across the board internationally. Here are some of the resources I’ve come across that would be useful for those interested in the rapid advancement in AI and cybersecurity.
The Implications of Artificial Intelligence in Cybersecurity: Shifting the Offense-Defense Balance
"This work is the foundation of a broader IST (The Institute for Security and Technology) project to better understand which areas of cybersecurity require the greatest collective focus and alignment—for example, greater opportunities for accelerating threat intelligence collection and response, democratized tools for automating defences, and/or developing the means for scaling security across disparate platforms—and to design a set of actionable technical and policy recommendations in pursuit of a secure, sustainable digital ecosystem."
Agentic AI Weaponization: AI agents could train each other on malicious use cases, such as generating malware, breaching networks, or performing network or code obfuscation.
Code Obfuscation: For malicious actors, code obfuscation adds layers of plausible deniability and serves as a tool for evasion and persistence. To complicate the defender’s task of identifying malicious software, these actors can leverage code obfuscation techniques by renaming variables and functions, rearranging and breaking down executable code into confusing patterns, inserting redundant or misleading code, and using advanced algorithms to encrypt or morph code segments.
Code Deobfuscation: Techniques such as random variable renaming, insertion of irrelevant code or data, and encryption or compression make it challenging for a model to pinpoint and learn consistent patterns.
Polymorphic Malware and Evasion: The characteristics of polymorphic malware—its ability to mutate, encrypt, and obfuscate—mean that each instance can alter its code during the replication or infection processes. This not only hides the payload through encryption but also disguises its true functionality using techniques like dead code insertion, register renaming, and instruction substitution.
Network Obfuscation: Malicious cyber actors have also long used network obfuscation techniques to route and launder their traffic so as to conceal its true source and make it harder to detect and defend against. In the early days of so-called Advanced Persistent Threat (APT) activity, such networks were merely compromised small business computer systems, commonly referred to as “hop points” or “operational relay boxes.”
Forging Global Cooperation on Global AI Risks:
This report lays the groundwork for efficient international cooperation, bridging AI risk governance with the global cybersecurity policies developed over the past two decades. The report highlights how AI accelerates cyber threats while also enhancing cyber defenses. It proposes a five-step methodology to assess governance needs, emphasizing transparency, cooperation, and accountability.
The pursuit of cybersecurity governance provides valuable lessons and frameworks that can inform the pursuit of global governance of severe AI risks. In this regard, the findings from the Paris Call community consultation are insightful.
Artificial intelligence for cybersecurity: Literature review and future research directions (2023)
A taxonomy of AI use cases for cybersecurity provision is proposed.
A comprehensive survey of current applications of AI in cybersecurity is conducted.
>>> https://www.sciencedirect.com/science/article/pii/S1566253523001136#sec0002
OWASP Top 10 for LLM Apps & Gen AI Agentic Security Initiative
Agentic AI systems, supercharged by LLMs and generative AI, are unlocking new capabilities for automation, decision-making, and security.
The evolution of advanced frameworks like LangGraph, AutoGPT, and CrewAI offers programmatic access to these capabilities and creates different modalities of autonomy: from single-agent automation of tools and constrained agentic workflows, to fully autonomous conversational multi-agent systems in which patterns of reflection and adaptation can give rise to new emergent behaviour. However, these exciting new developments come with new risks.
Join the working group: https://genai.owasp.org/roadmap/
OTHER RESOURCES TO REPORT AND KEEP UP WITH:
Alongside cybersecurity sit risk ontology and risk assessment. Here I will only highlight the global initiatives, but you should also be mindful of your own tech stack and of internal, local, and national reporting initiatives, to build better transparency into your cybersecurity practices.
OECD.AI INCIDENT MONITORING (AIM)
The AI Incidents Monitor (AIM) was initiated and is being developed by the OECD.AI expert group on AI incidents with the support of the Patrick J. McGovern Foundation. In parallel, the expert group is working on an AI incident reporting framework. The goal of the AIM is to track actual AI incidents and hazards in real time and provide the evidence-base to inform the AI incident reporting framework and related AI policy discussions.
The AIM is being informed by the work of the expert group on defining AI incidents and associated terminology, such as AI hazards and disasters. In parallel, the AIM seeks to provide a ‘reality check’ to make sure the definition of an AI incident and reporting framework function with real-world AI incidents and hazards.
This will ultimately help build transparency and reporting measures for future risk mitigation and for local, national, and global coordination.
MIT RISK REPOSITORY (AI TAXONOMY OF RISKS)
The MIT AI Risk Repository provides:
An accessible overview of threats from AI
A regularly updated source of information about new risks and research
A common frame of reference for researchers, developers, businesses, evaluators, auditors, policymakers, and regulators
A resource to help develop research, curricula, audits, and policy
An easy way to find relevant risks and research
MIT AI INCIDENT TRACKER
Global Index for AI Safety:
Developed under the theoretical framework of the AI Governance International Evaluation (AGILE) Index, this Global Index for AI Safety (GIAIS) provides a systematic assessment of national capabilities, current status and preparedness in addressing AI safety challenges.
>>> https://agile-index.ai/global-index-for-ai-safety
Open Source AI Governance (Report by CAIP/Yale University):
The proliferation of open-source artificial intelligence (AI) has triggered a contentious policy debate. Should open-source AI be considered for regulation as closed models have been? Two prevailing perspectives have emerged: one that focuses on geopolitical risk, particularly with respect to US-China competition, and one that is grounded in ideological values around open-source technology, such as innovation, transparency, and democracy.
>>> https://www.centeraipolicy.org/work/us-open-source-ai-governance
The rubric combines three ideological considerations and three geopolitical considerations. The three ideological considerations, as identified by the existing literature, are increased transparency, accelerated technological progress, and increased power distribution. The three geopolitical considerations are Chinese misuse of American open-source AI, backdoor risks from the use of Chinese open-source AI, and changes in global power dynamics depending on which country dominates in open-source AI.
I would love business practices to change to protect data dignity and to align with human rights and data equity.
Perhaps the easiest business case for moving forward on this is the monetary value of a company's own proprietary data and the protection of its clients' trust and loyalty. Building towards a more private and safe infrastructure will not only preserve a competitive advantage; it will also mitigate data pollution and data misuse, and avoid costly economic and societal harms.
There are many steps still to take, and many new technologies offer better, safer, and more sustainable ways of going about this.
Please reach out if you have further questions, insights, and reports to add to this list.