TechAthos logo

Cybersecurity & AI Insights

Dennis’s independent research on tech, threat intel & automation

Weekly Dispatch

Zero Trust playbooks for AI-native defenders

Every issue tracks how identity-first security, adaptive trust, and safety tooling evolve when AI agents automate workflows. Expect real telemetry, migration checklists, and pragmatic guardrail patterns.

Zero Trust & AI Security Trends for 2025

Published November 17, 2025

Boards are still funding Zero Trust programs, but the emphasis has shifted from network segmentation to identity threat protection, SaaS posture control, and AI-supply-chain telemetry. ExtraHop’s outlook puts renewed focus on defending Active Directory while tracking ransomware crews such as RansomHub, 8Base, and Cl0P that now pivot through unmanaged machine identities and vulnerable model endpoints [1]. As organisations wire AI copilots into production workflows, that identity blast radius keeps expanding, creating a rich target for adversaries hunting signing keys or pipeline secrets [1].

While security teams deploy AI to speed investigations, the same tooling is supercharging adversary tradecraft. CERT‑MU’s 2025 report calls out FraudGPT, WormGPT, and other jailbroken assistants that make phishing kit automation, exploit triage, and deepfake creation point-and-click simple [2]. Deepfake incidents already jumped into the majority of social-engineering cases during 2024, showing how fast synthetic media is being weaponised [3].

The practical takeaway for 2025: blend Zero Trust guardrails with AI-aware monitoring. Protect model supply chains (data, evals, orchestration secrets), enforce continuous verification on every user and workload identity, and pair SOC copilots with robust human review. Attackers will continue to let AI drive reconnaissance and payload customization, so defenders need shared telemetry between identity, data, and MLOps stacks to keep pace.

  1. ExtraHop’s 2025 forecast notes that ransomware groups RansomHub, 8Base and Cl0P will drive extortion, Active Directory will remain a significant post‑exploitation target, and rapid AI development will create a vulnerable supply‑chain attack surface.
  2. CERT‑MU observes that cybercriminals are using AI to identify vulnerabilities, generate deepfakes and automate attacks; tools like FraudGPT and WormGPT make these capabilities accessible.
  3. Deepfake attacks increased from 50 % to 60 % in 2024, illustrating the growing sophistication of AI‑powered social engineering.

Playbook

Zero Trust Drift Audit

Identity and network verification checklist for keeping adaptive trust controls aligned with AI workloads.

Run the audit →

Toolkit

LLM Attack Surface Checklist

40 questions to pressure test AI supply chains before release day.

Review checklist →

Data Story

Signals Radar

Weekly datasets on ransomware crews, leak site chatter and CVE weaponisation.

View signals →

Comments