AI’s Rapid Growth Brings New Challenges for CISOs Across Asia in 2025
By Josh Lemos, Chief Information Security Officer at GitLab
2025 will be a pivotal year for security teams across Asia as organisations grapple with AI advancements, complex cyber threats, and stringent new regulations.
While AI-powered tools offer innovative solutions, they present a double-edged sword for security teams. As vendors integrate AI into their offerings, new vulnerabilities may create opportunities for cybercriminals. CISOs face the daunting task of assessing their organisations’ exposure to these risks and implementing effective safeguards.
Navigating this complex landscape is further complicated by evolving cybersecurity regulations, such as Australia’s Cyber Security Bill 2024 and Singapore’s updated Cybersecurity Act. Security and legal teams must collaborate closely to ensure compliance and mitigate risks.
Despite the potential security challenges generative AI poses, it also offers opportunities to improve the security of software development processes. By proactively identifying vulnerabilities and enabling greater automation, AI will help close the gap between developers and security teams.
Here are three trends that will dominate the enterprise security landscape in 2025.
Vulnerabilities in proprietary LLMs open the possibility of broad impact security incidents
Software vendors are rushing to add AI-enabled features to their products, often by leveraging proprietary foundational LLMs. As attackers start to find vulnerabilities in these models, they will open a new attack vector with potentially wide-scale consequences. Industry consolidation increases risk.
Proprietary models reveal little information about their provenance or internal guard rails, making them much harder for security professionals to understand and manage. As such, attackers can embed malware or exploit lesser-known attack surfaces in a model’s feature space.
Because the industry relies heavily on a few proprietary LLMs, these attacks could have cascading effects throughout the software ecosystem, potentially leading to wide-scale outages or impacts.
AI and cloud-native workloads will increase demand for highly adaptive identity management
The growth of cloud-native and AI applications creates new challenges for identity management systems. Next year, access control must become more adaptive to address the increase in non-human, service-based identities.
Systems that manage identity and permissions have already been transitioning from their traditional, static state to a more ephemeral and adaptable framework, reflecting the agility required for modern digital interactions. These needs will become even greater in the year ahead.
AI-driven applications, in particular, demand a solid understanding of transitive identities. These applications require systems that provide secure and efficient access, even as roles and needs constantly evolve.
AI will help scale security within DevOps
In a recent survey, 58% of developers said they feel some degree of responsibility for application security. However, the demand for security-skilled DevOps professionals still outpaces supply.
AI will continue democratising security expertise within DevOps teams by automating routine tasks, providing smart coding recommendations, and further bridging the skills gap. Security will be integrated throughout the build pipeline, enabling the early identification of potential vulnerabilities at the design stage by leveraging reusable security templates that can be integrated into developer workflows.
Authentication and authorisation will also be improved, with AI automatically assigning roles and permissions as services are deployed across cloud environments.
The net result will be improved security outcomes, reduced risk, and enhanced collaboration between developers and their security peers.
Leveraging AI to stay ahead of evolving threats in Asia
As technology advances and cyber threats grow more complex, CISOs across Asia must acknowledge the risks AI introduces while implementing AI-powered tools to stay ahead.
By leveraging AI to automate routine security tasks, detect vulnerabilities proactively, and respond swiftly to threats, organisations can strengthen their defences while keeping pace with the rapidly changing threat landscape.