What Changed in AI and Cybersecurity in 2025

Posted on by Bob Paradise
Robot hand interacting with digital lock
17
Dec

If you looked back just a couple of years, you might’ve heard of AI as a trendy idea…

In 2025 it became business-as-usual. Generative AI (that means AI that can write text, make images or code) and machine learning (that means software that learns patterns from data) became central in company systems. Many firms across New England upgraded their IT, adopted hybrid cloud setups (part in the cloud, part on-site) and used AI tools to boost productivity.

But these gains also mean higher risks. With more remote work and more Internet-connected devices your “attack surface” grows — meaning more points where attackers might get in. One forecast shows global security spending will grow by roughly 12.2 % in 2025. Another projects spending on information-security will hit about US $212 billion in 2025, up about 15 % from 2024.

For New England businesses this means:

  • The tools you bought may now include AI features — chatbots, predictive analytics, automation of tasks.
  • But adding cloud, IoT, remote teams and edge devices means your business may face new vulnerabilities.
  • If you’re working with remote staff or vendors, you face a unique mix of opportunity and risk.
  • It’s time to take a look at your cyber security and AI budget in 2026.

We’re Seeing The Rise of AI-Powered Ransomware & Cyber-Threats

One of the major shifts in 2025 is the appearance of AI-powered ransomware. Traditionally, ransomware software comes with fixed code that attackers compile and push out. But in August 2025 researchers uncovered the first known ransomware that uses a locally running AI model to generate malicious scripts on the fly. That malware is called PromptLock.

What is PromptLock?
PromptLock is a new type of ransomware that uses artificial intelligence to help cybercriminals create and run their attack. Instead of using one fixed piece of malicious code, it uses AI to generate the instructions it needs on the spot, making the attack harder to predict. Once it runs, it can scan a computer, steal files, and lock them so the victim can’t access them. It’s mainly a proof-of-concept right now, but it shows how hackers might start using AI to build smarter, more flexible cyberattacks in the future.

Why this matters for you:

  • Because the AI generates code in real-time, the malware may look different each time. That means many security tools that rely on recognizing fixed patterns may fail.
  • Even smaller firms in New England are at risk — size no longer protects you.
  • If you assume “we haven’t been attacked yet so we’re safe”, this shift means you should reconsider.

Even though PromptLock is currently considered a proof-of-concept (not yet widely deployed in real-world attacks) the fact it exists signals the next wave of threats is already here.

The Broader Cybersecurity Threat Landscape for Businesses

Beyond ransomware, 2025 brought a number of shifts businesses must pay attention to:

Phishing and Vishing – Phishing is when someone tricks you via email to click a link or hand over credentials. Vishing is similar but over voice calls. In 2025 many phishing attacks used AI to personalize messages, making them harder to spot.
Supply-Chain Vulnerabilities – Many businesses belong to a chain of vendors, suppliers or contractors. If one link is weak, attackers can use it to reach you.
Cloud & Edge Risks – Moving data and computing to the cloud or edge devices gives flexibility, but misconfigurations or unmanaged devices raise risks.
Skills & Budget Gaps – Even with more spending, many organizations admit their defenses are behind the evolving threats. In fact, the cybersecurity landscape as a whole is going into 2026 short-handed with an estimated 500,000 job openings in the field that will go unfilled.

Ask yourself these questions:

  • Are you using multi-factor authentication (MFA) everywhere?
  • Are your data backups stored offline and tested regularly?
  • Any vendor or supplier you work with been assessed for cyber risk?
  • Has your team been trained to recognize modern threats like AI-enhanced phishing?

Even small or medium-sized businesses in New England improve their odds by taking action now.

What’s Ahead for 2026 — What New England Businesses Should Prepare For

If 2025 taught us anything it’s that threats evolve. Here are what we expect for 2026:

Identity-First Security / Zero Trust – Instead of assuming your network boundary is secure, this model assumes breach and insists on verifying every identity and access request.

AI as Both Weapon and Shield – Just as attackers use AI, defenders must use AI. Seeing patterns, automating response and spotting threats early will matter more than ever.

Stricter Regulation & Compliance – Laws around data protection, vendor risk and cybersecurity are growing. If you do business in Massachusetts, Rhode Island or across New England, expect more oversight.

Resilience Over Prevention – It’s not enough to try and block all attacks. The goal shifts to: can you recover fast when you are hit? That means incident-response planning, backups, testing.

Supply Chain & Ecosystem Risk – Your risk extends beyond your walls: vendors, cloud services, IoT/OT devices (industrial devices) matter. In New England’s interconnected business environment this is vital.

Here are actions you can take now:

  • Create or update your incident-response plan.
  • Review your vendor contracts and perform a cyber risk check.
  • Train your leadership and staff on modern threats like AI-generated phishing and supply-chain attacks.
  • Add region-specific factors (for example, remote work across New England winters, distributed teams) into your tech/cyber plan.
  • Review who has access in your network — ensure they have only what they need and nothing more.

If You Need a Hand With This… Get In Touch With Attain Technology for Our Free Cyber Risk Assessment!

If your company hasn’t reviewed its cyber posture this year, now is the time. Schedule a free Cyber Risk Assessment with Attain Technology to see where you stand—and what you need to do next.

Spots are limited, secure yours today: Sign Up For Attain Technology’s Cyber Risk Assessment

Why Choose Attain Technology

At Attain Technology, we’ve supported New England’s business leaders for nearly 20 years. Our proactive IT management, transparent communication and 24/7 human support mean your systems work as hard as you do. If you’re ready for stress-free IT and strong cyber readiness, we’d love to talk.

FAQ

What should New England businesses know about AI-powered ransomware like PromptLock?
PromptLock is the first known ransomware that uses artificial intelligence to generate its own attack code. For New England businesses this matters because AI gives attackers the ability to move faster and target smaller companies with the same force once reserved for large enterprises. Attain Technology guides local companies through these risks by helping them prepare for AI-driven attacks before they happen.

How can a business in New England tell if its cybersecurity is ready for 2025-level threats?
If you are not using multi-factor authentication in every area, testing backups regularly or reviewing vendor and supply-chain risks, your defenses may be behind current standards. Many businesses in Massachusetts, Rhode Island and throughout New England come to Attain Technology for a complete Cyber Risk Assessment to understand their real level of protection.

Are small businesses in New England at the same risk as larger companies?
Yes. AI-powered attacks let criminals scale their efforts, which means small and mid-sized companies across New England are now targeted as often as big firms. Attain Technology works with organisations of all sizes to build right-sized security that fits their team, budget and level of risk.

How can Attain Technology help protect my business from AI-driven threats?
Attain Technology provides managed IT and cybersecurity services built for modern threats. This includes identity-first security, cloud protection, remote workforce security, supply-chain risk checks and 24/7 monitoring. Our team works to keep businesses in Massachusetts, Rhode Island and the greater New England area safe from ransomware, phishing and emerging AI-supported attacks.

What steps should I take before 2026 to improve cybersecurity for my New England business?
Start by reviewing who has access to your systems, enforcing multi-factor authentication, improving backup and recovery processes and training your team on modern phishing tactics. If you need help, Attain Technology can create a clear plan that fits your New England operations and prepares you for the next wave of AI and cybersecurity risks.

Bob Paradise

Bob Paradise has a track record of achieving success by utilizing his analytical and technical skills, along with leveraging diverse technology and cybersecurity solutions, to enhance business capabilities and reduce organizational risks.