To help you understand the trends surrounding AI and other new technologies and what we expect to happen in the future, our highly experienced Kiplinger Letter team will keep you abreast of the latest developments and forecasts. (Get a free issue of The Kiplinger Letter or subscribe.) You’ll get all the latest news first by subscribing, but we will publish many (but not all) of the forecasts a few days afterward online. Here’s the latest…
With the rapid rise of artificial intelligence, a sea change in cybersecurity is underway. As new threats emerge from generative AI adoption, AI-enabled security tools are also fortifying defenses.
AI’s rise has prompted higher spending on more advanced IT security. In 2025, security spending is set to grow by 12.5% in the U.S. versus last year, hitting $131 billion, according to technology market research firm IDC. Global growth will be similar, led by large companies, but even small businesses are spending more. The top spending sectors are finance, government, telecom and health care, looking to buy tools to secure cloud apps, manage digital identity and analyze cyber threats.
Sign up for Kiplinger’s Free E-Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more – straight to your e-mail.
Profit and prosper with the best of expert advice – straight to your e-mail.
Attacks are worsening across the board, with an increase in speed, scale and sophistication. AI is supercharging phishing emails and voice clones through AI-created text and audio that often trick victims into sharing private info or clicking on malware. Ransomware is on the rise, too. Cyberthreats are growing across the globe. China’s cyber espionage, including targeted attacks, is surging. Iran is using AI to find security flaws to exploit and to spread misinformation online. That’s sure to increase. Russia, too, is using AI for attacks and digital propaganda.
Physical infrastructure remains a ripe target. This includes chemical plants, electric grids, dams, hospitals, transportation systems and nuclear plants. A recent example is China’s Salt Typhoon intrusion into U.S. telecom networks.
Employee use of AI, much of it unsanctioned, gives security pros heartburn. Start with the risk of divulging company secrets as workers share data with public AI chatbots, which may be insecure. Software from Palo Alto Networks and others tracks AI use in a network to protect data and block unapproved AI apps. Other AI threats include “prompt injection” attacks, when an AI chatbot is tricked to override built-in policies, giving access to unauthorized company data or systems. “Hallucinations,” which are inaccurate but true-sounding responses, also pose a security risk.
AI has big promise for improving cybersecurity software, but it brings risk, too. Some things AI can already do: Find security flaws in software and help patch them. Develop software that resists security flaws. Monitor threats, pinpoint real dangers and alert human cyber pros. AI security chatbots can give security staff detailed answers on threats or company policies to help them solve issues.
One of the most exciting developments is “AI agents” that can do security tasks autonomously. Built by companies such as Amazon, Microsoft, Google, CrowdStrike, OneTrust and Radiant Security, the tools can patch security flaws, thwart data breaches, track insider threats, simulate attacks and more. Another use for autonomous agents is issuing employee log-in credentials to a piece of software via email. A tedious task that is now done manually by IT staff.
But there’s fear that autonomous tools will make mistakes or go rogue. These AI agents need to be secure themselves, with clear guardrails and regular audits. “Behind this incredible era of agentic AI are intricate security considerations that organizations must prepare for today,” said Hammad Rajjoub, director of security at Microsoft, at a recent conference. There are already plans for deploying AI agents to guard other agents.
Despite the new AI threats, basic cybersecurity precautions still mitigate risks for businesses. Use strong usernames and passwords, plus another factor, such as a one-time PIN or fingerprint. Regularly update and patch software. Closely vet security vendors and new AI tools. Minimize data stored. Provide regular security training to staff. Prepare a security incident response plan and regularly test it.
This forecast first appeared in The Kiplinger Letter, which has been running since 1923 and is a collection of concise weekly forecasts on business and economic trends, as well as what to expect from Washington, to help you understand what’s coming up to make the most of your investments and your money. Subscribe to The Kiplinger Letter.
