Entering the final quarter of 2025, two letters of the alphabet continue to dominate Enterprise Tech's conversation and news: AI. According to a global survey by McKinsey & Company, companies match every story with every action, with 78% of organizations using AI in at least one business feature.
In cybersecurity, some experts hope that defensive AI will ultimately give businesses an edge over attackers. But others are losing sleep in a way that allows AI to pose new threats from both inside and outside.
This week's featured article explores the frustration of AI cybersecurity, the troublesome ChatGPT vulnerabilities, and the drawbacks of AI-powered vulnerability detection. Furthermore, to successfully fulfill the AI moment, experts will learn why Zero Trust must evolve.
The AI Cyber threat worries advocates
The September 2025 Lenovo report revealed widespread concern among advocates regarding AI-powered cyberattacks. Only 31% of IT leaders feel somewhat confident in their defense capabilities, while only 10% express strong confidence.
This report highlights how AI allows attacks to evolve against defense mechanisms and could bypass security platforms. Beyond the offensive AI cited by 61% as an increased risk, IT leaders worry about employees using public AI tools and the use of rapid recruitment of AI agents organizations called “a new kind of insider threat.”
Read Eric Geller's complete story about cybersecurity diving.
ChatGpt vulnerability allows invisible email theft
Radware researchers have discovered a vulnerability called “ShadowLeak,” which allows Hackers to steal emails from users who integrate ChatGpt with email accounts. This attack works by sending a victim's email with hidden HTML code using HTINY or white-on-white text, which tells AI to remove data when asked to summarize the email.
Because the process takes place on OpenAI's infrastructure, the attack leaves no traces on the victim's network and is undetectable. Openai addressed the vulnerability in August after Radware reported it in June, but details of the fix remain unknown. Experts suggested that effective protection requires layered defenses, including AI tools to detect malicious intent.
Read the complete story of Nate Nelson on Dark Reading.
AI vulnerability detection can undermine enterprise cybersecurity
Former US Cyber Official Rob Joyce warned that AI-powered vulnerability detection could exacerbate cybersecurity rather than improve it. AI systems such as Xbow can find software flaws faster than humans, but Joyce said that patching features cannot raise patches, especially on unsupported or legacy systems.
The gap between discovery and remediation of vulnerabilities creates significant risks and can lead to potentially catastrophic security obstacles. Additionally, Joyce warned of new threats, including the exploitation of AI agents integrated into corporate systems, identifying valuable data from ransomware or tor attacks.
Read Eric Geller's complete story about cybersecurity diving.
Zero Trust needs to evolve to respond to AI-powered attacks
The Zero-Trust architecture features an “Never trust, always validate” approach as attackers increasingly adopt AI. Zero trust principles such as network segmentation can help limit access and validate identity, but AI must evolve to counter the enhanced threats.
Attackers now use AI to increase their attack speed and create persuasive deepfakes. Recent SalesLoft Drift violations illustrate these evolving threats. Security experts suggest that zero trusts must adapt, especially by implementing stronger identity verification and maintaining proper segmentation, as organizations integrate AI agents with access to sensitive data.
Read Arielle Waldman's complete story about dark reading.
Editor's Note: The editors used AI tools to help generate this news brief. Our expert editors should always review and edit content before publishing.
Alissa Irei is the senior site editor for Informa TechTarget Security.
