AI and Cybersecurity: Lessons Learned from 2024 Predictions

Every year at DNSFilter, we like to do our best to predict the future when it comes to cybersecurity. You might know this already if you’ve read the blog by our CTO, TK Keanini, about his 2025 cybersecurity predictions. We also like to review our predictions to see how well we did overall- it’s nice to keep score.

Last year, all of our predictions (outlined in our 2024 Annual Security Report) were around AI, with good reason. From where we sit at the very start of 2025, all threats now carry some element of AI. Here, I’ll go a little deeper to see just how well we did with these predictions around AI and how this all ties into the next year.

Generative AI is going to make a malware mess

Generative AI became a powerful tool for attackers in 2023 and into 2024, enabling the creation of realistic phishing schemes, automation of malware generation, and acceleration of malicious activities. However, while AI misuse grew, the feared scenario of “AI breaking containment” did not occur on a significant scale. Empowering defenders with advanced, AI-powered malware detection and threat intelligence tools is essential to counter AI-driven threats. By making these tools widely accessible, organizations of all sizes can level the playing field and defend against sophisticated, AI-enhanced attacks.

Deepfakes will be leveraged during election season

This prediction proved accurate as deepfakes and AI-generated media played a role in misinformation campaigns, particularly during sensitive political events. While deepfake-driven disinformation was less pervasive than initially feared, it still proved effective in targeted incidents. Widespread availability of user-friendly deepfake detection technology - in combination with protective DNS like DNSFilter that can block sites categorized as misinformation - can significantly enhance resilience against disinformation.

Rushed GenAI Implementation as a Threat Vector

The prediction about rushed generative AI adoption creating new vulnerabilities turned out to be accurate. Many companies integrated AI without fully understanding its complexities or addressing potential security risks, resulting in an expanded attack surface. The risk of organizations handing over personally identifiable information (PII) to an open system continued in 2024 and threat actors have found ways to exploit that open system. This situation highlights a valuable opportunity to emphasize that an AI-first approach must balance speed with security. Rather than prioritizing rapid implementation, organizations should adopt AI responsibly, focusing on robust testing, continuous monitoring, and adherence to best practices. This proactive and thoughtful approach to AI implementation ensures that AI becomes a trusted and secure resource, transforming potential vulnerabilities into opportunities for learning and improvement across the industry.

AI Regulation Will Come Too Late

As of the end of 2024, AI regulation still isn’t even here. The forecast that AI regulation would lag behind rapid AI advancements was, for better or worse, accurate. Governments worldwide have recognized the need for regulation, but legislative processes are still catching up, resulting in significant oversight gaps. This is an opportunity for the industry to lead by setting high standards of responsible AI use. However, rather than waiting for regulation to dictate best practices, many organizations have been proactive with self-regulation. They’ve adopted ethical guidelines that prioritize security and transparency. At DNSFilter, we are working toward responsible AI leadership, fostering a culture where AI’s growth is aligned with ethical principles. Responsible AI use, driven by collective industry action, is both possible and essential in an AI-first world.

Final Thoughts Heading into 2025

Overall, our 2024 predictions were not too far off the mark. AI-powered malware, deepfakes, and security risks from rushing AI adoption all happened as predicted. Going forward into 2025, the shift to the cloud, the adoption of AI, and the future move to quantum computing are all going to have a big impact on where cybersecurity trends are. 

As TK stated in his 2025 cybersecurity predictions, 2025 marks a turning point in our relationship with reality. AI’s ability to generate hyperrealistic images, videos, and audio will force us to question the authenticity of our senses. Organizations must ensure their employees use legitimate AI tools and critically evaluate the information they encounter, recognizing that AI can be used to create deceptive content.