The Rod Awaits: The Three Ugliest Developments in Cybersecurity in 2025.
We are getting better and better at combating cyber risks. Unfortunately, the same is true for the other side, the cybercriminals. They too have state-of-the-art tools at their disposal to cause damage and enrich themselves. Just in time for Advent and St. Nicholas Day, we present our picks for the three worst developments in cybersecurity in 2025. The good news is that you can protect yourself against them. But first you need to understand what they are. Read the practical assessments of our Head of Cyber Defence Centre, Maik Paprott.
1. Total identity collapse due to AI-supported attacks
What began in 2024 with convincing deepfake voices and personalised phishing campaigns has developed into an existential crisis in 2025. Sumsub's Identity Fraud Report 2025-2026 from November 2025 shows a 180% increase in sophisticated fraud attacks – the proportion of multi-step attacks rose from 10% (2024) to 28% (2025) of all identity fraud cases, with 75% of respondents believing that fraud is increasingly AI-driven (Sumsub). Deepfake attacks doubled in the UK (94% increase), followed by France (96%), Spain (84%) and Germany (53%), while dating apps and online media reached a fraud rate of 6.3% with romance scams using AI personas and deepfakes (Infosecurity Magazine).
A brand new development in 2025: AI-assisted document forgery rose from 0% to 2%, driven by tools such as ChatGPT, Grok and Gemini, with double-digit growth predicted for 2026 according to Sumsub. The rise of ‘agentic AI scams’ is expected in 2026 – autonomous systems that can carry out complete fraud campaigns from end to end with minimal human supervision. The combination of perfect real-time deepfakes, compromised biometric databases and AI-generated synthetic identities has completely undermined traditional authentication methods. We have effectively lost the ability to verify with certainty who we are actually communicating with in digital spaces.
2. Democratisation of ransomware – from expert tool to weapon of mass destruction
The professionalisation of ransomware-as-a-service reached a level in 2024/2025 that eliminated any technical barriers to entry. Groups such as LockBit, BlackCat/ALPHV, RansomHub and new players offer complete ‘turnkey solutions’ with support hotlines, tutorials, automated negotiation platforms and success guarantees. Today, an average criminal without in-depth technical knowledge can orchestrate attacks that three years ago would have required teams of specialists. Double and triple extortion (encryption + data theft + DDoS threats) has become standard, even in smaller attacks. Particularly insidious: attacks on critical infrastructure such as hospitals, educational institutions and local governments have increased exponentially because the ‘affiliate’ pool has grown dramatically.
The economic incentives are enormous, law enforcement remains largely ineffective, and international cooperation is hopelessly lagging behind the threat. Ransomware has evolved from a specialist threat to systematic, industrialised mass extortion.
3. Supply chain attacks as an (almost) unsolvable systemic risk
2024 showed us the fundamental fragility of our software ecosystems with XZ Utils, Polyfill.io and other incidents. In 2025, it became clear that we have no viable solution. Dependency chains are getting longer instead of shorter – modern applications can have hundreds to thousands of dependencies, each with its own sub-dependencies. Open-source projects, often supported by individual, unpaid maintainers, form critical infrastructure for Fortune 500 companies and governments.
Despite SBOMs, increased attention and new tools, the fundamental trust problem remains unresolved. To make matters worse, AI-generated code flowing into repositories and the difficulty of distinguishing malicious code from legitimate code add a new level of opacity. State actors have recognised the supply chain as a strategic target: a single compromise can cripple tens of thousands of organisations.


