Cybersecurity firm Zscaler has highlighted the rapid adoption of artificial intelligence (AI) across enterprises and small businesses in its newly released 2025 AI Security Report. While AI is being leveraged to enhance efficiency, decision-making, and customer service, researchers at ThreatLabz, Zscaler’s security unit, warn that it is also broadening the cyber threat landscape.

The report reveals a staggering 3,000% increase in AI and machine learning tool usage in 2024, underscoring both the benefits and security challenges of this surge. “AI adoption introduces serious risks, from unsanctioned usage—referred to as ‘shadow AI’—to data exposure,” the researchers noted. More concerningly, cybercriminals are weaponizing AI, using it to amplify attacks with unprecedented speed and ease.

 The Role of AI in Cybersecurity 

Despite the risks, AI is also proving to be a critical line of defense against cyber threats. Organizations are increasingly integrating AI into security operations, utilizing it to detect, analyze, and counteract attacks in real-time.

Zscaler’s Chief Security Officer, Deepen Desai, emphasized the need for a zero-trust security model, which requires strict verification of all users and devices before granting access. Managed security service providers (MSSPs) and managed service providers (MSPs) will play a key role in helping companies transition to this model, offering support for network simplification and cybersecurity enhancements.

 ChatGPT Tops AI Usage and Blocking Lists 

Analyzing 536.5 billion transactions between February and December 2024, ThreatLabz found that OpenAI’s ChatGPT was the most widely used AI application—accounting for 45.2% of observed AI-related transactions. However, it was also the most frequently blocked AI tool, alongside Grammarly and Microsoft Copilot, due to concerns over data security and compliance risks.

Organizations transmitted 3,624 TB of data to AI tools, heightening worries about data privacy and unauthorized data retention. Desai pointed out that some AI providers retain user inputs for training or share data with third parties, raising compliance concerns under regulations like GDPR.

The report also sheds light on how cybercriminals are exploiting AI for phishing, deepfakes, and automated attack campaigns. Open-source AI models, such as DeepSeek, present both opportunities and risks—empowering businesses while also enabling malicious actors to scale their operations.

Looking ahead to 2025, Zscaler predicts that agentic AI—systems capable of operating autonomously, making decisions, and adapting behaviors—will present new cybersecurity challenges. The rise of reasoning AI, which enables software to draw conclusions independently, could further complicate cyber defense strategies.

“The growing autonomy of AI systems will pose significant security challenges, not just for enterprises adopting AI but also as attackers use these technologies,” ThreatLabz researchers concluded.

As AI continues to evolve, businesses must prioritize robust cybersecurity strategies to navigate both its transformative potential and its risks in an increasingly AI-driven world.