Experts predict rise in AI compute threats by 2025

Andrew Krug, Head of Security Advocacy at Datadog, has shared predictions for 2025 regarding emerging cybersecurity threats, particularly targeting AI compute resources and workloads.

Krug suggests that attacks on cloud workloads and environments in 2025 will extend beyond cryptojacking and resource stealing to include more lateral movement and data exfiltration post-exploitation vectors. "In 2025, attacks against cloud workloads and environments will move beyond simply cryptojacking and resource stealing threats, and increasingly involve lateral movement and data exfiltration post-exploitation vectors as well," Krug explained. He noted instances where threat actors targeted Microsoft 365 users using malicious OAuth applications, compromising identities to gain access to email and other applications.

The evolving complexity of cloud provider environments might make cloud visibility increasingly crucial. Krug stated, "Cloud visibility will be more important than ever, especially as applications will continue to increase in complexity as cloud provider environments expand their service offerings." Understanding risk sources and attacker behaviours will be vital as threats evolve.

Traditional attacks focused on cryptomining, ransomware, and spam may shift towards targeting AI compute resources. "As AI continues to become more of a focus for both good and bad actors, threat actors will seek to gain access to AI compute resources and sell that access where they can," Krug stated. He emphasised the need for organisations to adopt Cloud SIEM that includes workload security to monitor activities in cloud environments.

Krug highlighted the increased sophistication of cloud threat actors who will begin exploiting undocumented APIs by 2025. He mentioned previous cases where attackers used undocumented APIs to bypass logging systems like CloudTrail. "While this isn't a new attack vector, we anticipate these types of breaches to increase exponentially next year," said Krug.

Threat actors targeting software supply chains through repositories such as npm and PyPI are expected to increase their efforts. "In 2025, software packages, like the npm and PyPI package repositories, will increasingly be a target for threat actors looking to compromise companies through their software supply chain," Krug warned. He noted a recent attack targeting gaming communities and Discord users through compromised repositories.

Traditional username/password authentication methods are expected to shift towards passwordless solutions due to account takeover risks. Krug revealed that "long-lived cloud credentials never expire and frequently get leaked in source code, container images, build logs, and application artifacts." Datadog's report showed significant usage of such credentials across major cloud platforms, leading Krug to advocate for centralised identity management solutions.

Krug concluded that leveraging time-bound, temporary credentials and centralising identity management could be a more secure approach to managing cloud identities and reducing risks associated with long-lived credentials.