Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Gartner predicts that generative AI (GenAI) will become a critical workforce partner for 90% of companies by next year. In application development specifically, we see developers turning to code assistants like Github Copilot and Google Gemini Code Assist to help them build software at an unprecedented speed. But while GenAI can power new levels of productivity and speed, it also introduces new threats and challenges for application security teams.

Cybersecurity researchers are warning about a new breed of investment scam that combines AI-powered video testimonials, social media malvertising, and phishing tactics to steal money and personal data. Known as Nomani — a play on "no money" — this scam grew by over 335% in H2 2024, with more than 100 new URLs detected daily between May and November, according to ESET's H2 2024 Threat Report.

LLMs are based on neural network architectures, with transformers being the dominant framework. Introduced in 2017, transformers use mechanisms called attention mechanisms to understand the relationships between words or tokens in text, making them highly effective at understanding and generating coherent language. Practical Example: GPT (Generative Pre-trained Transformer) models like GPT-4 are structured with billions of parameters that determine how the model processes and generates language.

Every single day, billions of API calls happen across the internet. Behind your favorite applications, APIs work quietly to move data and connect systems. But with the growing use of APIs, API attacks didn’t just increase – they exploded. Take the Optus breach in September 2022, in which attackers exploited an unprotected API endpoint and accessed the personal data of up to 9.8 million customers, leading to a $10 million fine.

In the rapidly changing field of software development, application programming interfaces (APIs) are very powerful tools. They allow different applications to communicate, share data, and collaborate seamlessly, constituting approximately 71% of all web traffic. However, as APIs become more essential to our applications, they also attract cyber threats. In fact, 57% of organizations reported experiencing at least one API-related data breach in the past two years.

Cloud Security Posture Management (CSPM) has become essential for monitoring cloud infrastructure, identifying risks, and enforcing security policies. As cloud adoption grows, managing the complexity of these environments—where misconfigurations and vulnerabilities can lead to breaches—requires a robust approach. This is where security frameworks come into the picture. Security frameworks offer structured guidelines and best practices for managing and improving security posture.

As 2024 comes to a close, we went around the room and asked some of Trustwave’s top executives what cybersecurity issues and technology they saw playing a prominent role in 2025. Here is the latest installment. As we look ahead to 2025, the landscape of cyber threats continues to evolve, presenting new challenges for cybersecurity professionals.

Collaboratively authored by Anthony Cammarano, Mario Vargas, Muneeb Hasan, Alexandre Charlet, Andre Castro, Vic Levy, Ken Darker and Iwona Rajca Generative AI (GenAI) applications are revolutionizing how businesses interact with data, primarily through Retrieval-Augmented Generation (RAG) pipelines, combining language models with vast enterprise knowledge bases. These pipelines allow organizations to query extensive internal datasets in real time.

APIs are essential for modern digital business operations, enabling smooth connectivity and data exchange between applications. However, the growing dependence on APIs has unintentionally widened the attack surface, making strong API security a vital concern for organizations. Traditional security measures often prove inadequate in effectively safeguarding this changing landscape.

Adversaries are advancing faster than ever, exploiting the growing complexity of business IT environments. In this high-stakes threat landscape, generative AI (GenAI) is a necessity. With organizations grappling with skills shortages, sophisticated adversaries and operational complexity, 64% of security professionals have already kicked off their GenAI purchase journey.