Trend Micro Predicts Emergence of Deepfake-Powered Malicious Digital Twins

Trend Micro Incorporated, a global cybersecurity leader, today warned that highly customised, AI-powered attacks could supercharge scams, phishing, and influence operations in 2025 and beyond.

To read Trend Micro’s cybersecurity predictions for 2025, The Easy Way In/Out: Securing The Artificial Future, please visit:
Trend Micro Security Predictions for 2025

Jon Clay, VP of Threat Intelligence at Trend Micro: “As generative AI makes its way ever deeper into enterprises and the societies they serve, we need to be alert to the threats. Hyper-personalised attacks and agent AI subversion will require industry-wide effort to root out and address. Business leaders should remember that there’s no such thing as standalone cyber risk today. All security risk is ultimately business risk, with the potential to impact future strategy profoundly.”

Predicted Threats for 2025

Trend Micro’s 2025 predictions report warns of the potential for malicious “digital twins,” where breached or leaked personal information (PII) is used to train an LLM to mimic the knowledge, personality, and writing style of a victim or employee. Combined with deepfake video/audio and compromised biometric data, these could facilitate identity fraud or entrap family members, colleagues, or friends.

Deepfakes and AI could also power large-scale, hyper-personalised attacks to:

• Enhance business email compromise (BEC/BPC) and “fake employee” scams.
• Identify “pig butchering” victims and lure them via AI-filtered human operators.
• Improve adversary intelligence gathering for pre-attack preparation.
• Create authentic social media personas for misinformation and scams.

Other AI and Cybersecurity Concerns

• Vulnerability exploitation and hijacking of AI agents to perform harmful actions.
• Information leakage from generative AI systems.
• Benign or malicious AI resource consumption leading to denial of service.

Broader Threat Landscape

1. Vulnerabilities: Memory management bugs, API exploits, and older vulnerabilities like XSS and SQL injection remain major risks.
2. Ransomware: Advanced techniques like BYOVD and EDR evasion will make detection harder.

Recommendations for Action To address these escalating threats, Trend Micro recommends:

• Adopting a risk-based approach to cybersecurity with centralised asset management.
• Leveraging AI for threat intelligence and attack path prediction.
• Enhancing user training to reflect new AI-enabled cybercrime tactics.
• Securing AI inputs and responses through strict data validation.
• Implementing end-to-end visibility and multi-layered defences for AI agents.