In 2025, trust became the most exploited surface in modern computing. For decades, cyber security has centered on vulnerabilities, software bugs, misconfigured systems and weak network protections. Recent incidents in cyber security marked a clear turning point, as attackers no longer needed to rely solely on traditional techniques.

This shift wasn’t subtle. Instead, it emerged across nearly every major incident: supply chain breaches leveraging trusted platforms, credential abuse across federated identity systems, misuse of legitimate remote access tools and cloud services, and AI-generated content slipping past traditional detection mechanisms. In other words, even well-configured systems could be abused if defenders assumed that trusted equals safe.

Highlighting the lessons learned in 2025 is essential for cyber security professionals to understand the evolving threat landscape and adapt strategies accordingly.

The perimeter is irrelevant – trust is the threat vector

Organisations discovered that attackers exploit assumptions just as effectively as vulnerabilities, simply by borrowing trust signals that security teams overlooked. They blended into environments using standard developer tools, cloud-based services and signed binaries that were never designed with strong telemetry or behavioural controls.

The rapid growth of AI in enterprise workflows was also a contributing factor. From code generation and operations automation to business analytics and customer support, AI systems began making decisions previously made by people. This introduced a new category of risk: automation that inherits trust without validation.

The result? A new class of incidents in which attacks weren’t loud or obviously malicious, but piggybacked on legitimate activity, forcing defenders to rethink what signals matter, what telemetry is missing and which behaviours should be considered sensitive even if they originate from trusted pathways.

Identity and autonomy took centre stage

Alongside security vulnerabilities, identity now defines the modern attack surface. As more services, applications, AI agents and devices operate autonomously, attackers increasingly target identity systems and the trust relationships between components. Once an attacker had possession of a trusted identity, they could move with minimal friction, expanding the meaning of privilege escalation. Escalation wasn’t just about obtaining higher system permissions; it was also about leveraging an identity that others naturally trust. In light of the attacks targeting identities, defenders realised that distrust by default must now apply not only to network traffic but also to workflows, automation and the decisions made by autonomous systems.