I can hardly believe I’m saying this, but 2024 is almost over. Where has the time gone???

As we wrap up the year, we begin to look ahead at 2025 strategies and budgets. It’s our tradition here at Bugcrowd to ask our leaders what they predict will happen in the upcoming year. We asked several Bugcrowd leaders and top hackers to share their 2025 cybersecurity predictions. Here were a few themes:

  1. Hardware and IoTAs you may have noticed in the 2024 edition of Inside the Mind of a Hacker, hardware and IoT security is definitely back in the spotlight. As Bugcrowd CISO Nick McKenzie says, “2024 was all about vulnerabilities and exploits on numerous perimeter (edge) connectivity devices. We will see this continue into 2025 as a vector, compounded further by multinational government/agency backed broadcasts and directives on their use.”
  2. AI as a tool, target, and threatThe topic of AI has blown up over the past couple of years, and it isn’t going away anytime soon. Every single hacker we talked to mentioned AI as a major theme in 2025. Bugcrowd founder Casey Ellis says, “As the hype dies down and the real-world use cases of generative AI start to form, I expect the overall field of AI security and safety to mature significantly in 2025, addressing AI as a target, tool, and threat.”
  3. Third-party and supply chainThird-party and supply chain risk has never been more at the forefront. Bugcrowd CEO, Dave Gerry says, “Supply chain security will rise in prioritization and prominence in the upcoming year. The security ecosystem is only as strong as its weakest link, and vulnerabilities within the supply chain can create huge ripple effects across the business.”
  4. Red teaming as a serviceRed teaming is a crucial part of every organization’s offensive security strategy. Julian Brownlow Davies, Bugcrowd VP of Advanced Services, says, “As organizations look to continuous exposure management, ongoing or continual simulated attacks become increasingly important to provide real time feedback to organizations on evolving threat actor TTPs that they are vulnerable to.”

Check out the graphic below for more 2025 predictions!