Business transformation is redefining attack surface management (ASM). We can no longer simply define the Attack Surface (AS); but without that definition, how can we Manage it?

“The attack surface of an organization represents all of the assets (physical, virtual or human) that a malicious actor can potentially use to breach an organization,” says Alex Hoff, co-founder and chief strategy officer at Auvik Networks.

“Traditionally,” continues Raj Samani, SVP and chief scientist at Rapid7, “the focus of attack surface management has been on securing the broader attack surface – but the emphasis is now on preventing the exploitation of assets within increasingly complex environments.”

While we have traditionally considered the Attack Surface to be a part of the overall IT infrastructure that can be treated and managed discretely, our view now is that the AS includes anything and everything a threat actor can target for exploitation. 

“Think about assets of all types, including IT, OT, IoT, specialized devices, humans, cloud infrastructure, SaaS applications, supply chains, AI, structured and unstructured data, Identities and permissions, and remote networking infrastructure – to name but a few,” says Brian Martin, director of product management at Integrity360. That is the attack surface that needs to be managed – born from the increasing complexity of business transformation.

Every new technology or operational technique that is included increases this attack surface. It continues to expand, and in 2025 it is expected to expand and increase in complexity significantly. “The rapidly growing number of IT assets on organizations’ networks will make attack surfaces larger and more complex than ever before,” warns David Shepherd, SVP EMEA at Ivanti.

Mayuresh Dani, manager of security research at Qualys threat research unit, says simply, “The attack surface will continue to increase, as it is directly proportional to the adoption of new technology.”

It will also increase in unexpected places. “The attack surface will likely increase as software complexity grows. Larger codebases correlate directly with larger attack surfaces,” comments Mehran Farimani, CEO at RapidFort. “However, the overlooked risk is the unused code, which accounts for 70% to 80% of most software. This dormant code often harbors numerous CVEs.”

You could say that the modern attack surface is the price of doing business today – and as the business grows, so does the AS. “When it comes to the cybersecurity principles of availability, confidentiality, and integrity, most organizations (outside national security environments) only really care about availability,” says John Bambenek, President at Bambenek Consulting. “That means more technologies will be adopted faster; and while the attack surface grows, as long as the business can make more money, it’s full speed ahead.”

“A holistic understanding of the attack surface–encompassing both internal and external assets and exposures–is essential,” says Martin. “Attackers frequently chain vulnerabilities and exposures across attack paths to escalate privileges and compromise critical assets.”

Our first task, then, is to understand where the AS is still expanding. Starting with the current but growing pain points, here are a few examples.

Do your own thing

BYOD continues. “IT teams still see the trade-off in device procurement and maintenance cost as being worth it compared to the cost of securing the devices. Seeing this trend on the rise means more and more devices added to the attack surface of companies,” warns Dale Madden, attack simulation operations manager at GuidePoint Security.

But over the years, bring your own device has expanded into do your own thing. Technology has become easier to use and is often used by staff just to increase their efficiency. Standing up an S3 bucket without considering the security of the data or involving the security team is the classic example. Developers creating quick code, possibly using new lo code / no code apps and perhaps adding unverified open source libraries could be another. And now, ready-made open source AI models can also be downloaded and used, often without corporate or adequate security oversight. 

Steve Tait, CTO at Skyhigh Security

“I expect a significant expansion in the attack surface driven primarily by two derivatives of generative AI,” says Steve Tait, CTO at Skyhigh Security: “corporate copilots and business applications created by citizen developers.” 

Copilots, he said, “will have increasing access to corporate data, potentially exposing corporate information to unintended users and magnifying the impact of activities such as prompt poisoning. Increasingly supported by copilots, the Citizen Developer has an easy range of tools with which to create new applications at an ever-expanding rate.”

He adds, “Without foundational training in secure development practices these new developers are likely to expose vast quantities of data beyond its intended scope and increase the likelihood of horizontal privilege escalation across the enterprise.”

When speed is essential, and involving the security team is a delay, the temptation to just go ahead and do your own thing is always there. The effect is uncontrolled expansion of the AS with no oversight and little visibility for the security team.

IoT

“The rapid adoption of IoT devices, ranging from smart home appliances to industrial sensors, introduces numerous endpoints that are often inadequately secured. This expansion creates a permeable landscape vulnerable to data breaches,” explains Kevin Curran, IEEE senior member and professor of cybersecurity at Ulster university.

“The growing integration of AI-powered applications and IoT devices, will expose new vulnerabilities and enable bad actors to scale their operations and tactics,” continues Suzanne Button, field CTO EMEA at Elastic.

The ongoing explosion of IoT devices, particularly as part of OT within critical industries, presents a significant challenge. “Many organizations struggle to maintain visibility over these assets, which often lack robust security by design,” warns Martin.

Cloud, SaaS and APIs

“Organizations are increasingly adopting cloud-native architectures and SaaS solutions to enable flexibility and scalability. While beneficial, these technologies often introduce complex configurations that, if mismanaged, expose critical assets to attackers,” says Martin.

“While many organizations have moved data and services to the cloud and have worked to secure these cloud services, the proliferation of SaaS applications has increased the attack surface beyond what most IT teams are proactively managing today, simply because they are unaware of all the SaaS applications they need to secure,” adds Hoff.

Brian Martin, director of product management at Integrity360

Marios Kyriacou, director of product management at Bugcrowd, believes the SaaS problem will worsen, driven by the number of SaaS companies that have been created fueled by financial funding. “As companies grow and as M&A takes place, this offers many opportunities for unknown attack surfaces to be introduced and in many cases forgotten about and not under the same care as assets that are known about.”

APIs and their role in the SaaS-specific attack surface, cannot be ignored. This subject is covered in depth within the separate Cyber Insights 2025: APIs – The Threat Continues.

Edge devices

The continuing evolution of edge devices and infrastructures will be a major challenge in 2025. “We’re seeing a concerning pattern where nation-state actors are systematically targeting edge technologies. Their methodology involves waiting for updates, reverse engineering them, and quickly developing exploits. Traditional asset management approaches are proving insufficient for this new landscape, especially given the complexity of managing various network plugins and third-party integrations,” comments Nathaniel Jones, VP of threat research at Darktrace.

Geopolitics and Regulations

The introduction of nation-state actors to the attack surface discussion forces consideration of two other related but not IT infrastructure-specific concerns: geopolitics and regulations.

Geopolitics doesn’t increase the attack surface, but it can increase the attacks against that surface, enacted by elite adversaries. “There could be increased critical infrastructure threats in 2025, especially because of global unrest. Sectors such as energy, transportation, and healthcare are increasingly targeted by cyberattacks,” warns Curran. He notes, “The Australian Signals Directorate reported that over 11% of cybersecurity incidents in the past year targeted the critical infrastructure sector.”

Growing threats always involve the new attack surface; and governments tend to respond with evermore complex and detailed regulations. “Another pain point for 2025 will be the evolution of regulatory and compliance requirements,” says Raj Mallempati, CEO and co-founder at BlueFlag Security. Regulations, their role and effects, are discussed separately in Cyber Insights 2025: Regulatory Mayhem.

The reason we cannot get ahead of the attackers and fully manage the AS is because the AS keeps expanding in ways we fail to predict. One of the reasons for this is the emergence of new technologies we use before we understand their implications. Artificial intelligence is one of these new technologies – and it will introduce numerous new AS pain points in 2025.

For now, our use of artificial intelligence is based on machine learning (ML), or more specifically, the specialized form of ML known as the large language model (LLM) – as introduced by OpenAI’s ChatGPT in 2022 and now repeated by several other (let’s call them ‘foundational’) LLMs. These LLMs employ natural language processing (NLP) to provide the interface between humans and data. Collectively, the system is commonly known as generative artificial intelligence (gen-AI).

Gen-AI LLMs do not possess intelligence. Everything they know is fed to them – primarily from scraping the internet. How they use that information and how they decide what is accurate and what is not accurate is controlled by algorithms that we do not know and have little hope of understanding. And yet we assume they are correct and secure. Assumption is a dangerous thing in cybersecurity.

Chatbots and LLMs

Chatbots, also known as copilots, are commonly described as organizational implementations of LLMs with specific additional organizational data training for purposes such as customer service, technical support, sales and marketing, and data retrieval. Of necessity they have access to, or knowledge of, large amounts of company data. But they are all, to one degree or another, subject to prompt engineering attacks. Prompt engineering is also known as prompt injection and jailbreaking.

“We’ve already seen a number of instances of prompt injection, and I think this attack technique is very much in its infancy,” warns Dane Grace, technical solutions manager at Brinqa. He fears this will be made worse by the increased use of LLMs to produce the code that creates the chatbot. “This will – ultimately – increase the amount of poorly written software because I think developers under time constraints and other pressures will simply copy-paste, run a quick debug to make sure it works, and then move on.”

Sohrob Kazerounian, distinguished AI researcher at Vectra AI, points out, “In order to be useful, LLMs must ultimately be granted access to information and systems in order to answer questions and take actions that a human would otherwise have been tasked with.” He adds, “In 2025, we will hear of numerous cases where threat actors trick a corporate Gen AI solution into giving up sensitive information and causing high-profile data breaches.”

That sensitive information could include more than we expect. “As information is made available to these chatbots from unstructured data there will be information that is not intended for public consumption,” adds Peter Avery, VP of security and compliance at Visual Edge IT.

The chatbots themselves, as opposed to how they are abused through prompt injection, are likely to become targets in 2025. Although this is not yet common, Quentene Finnegan, COO at Performanta, warns, “The dynamic of trust within chatbots and other digital customer service portals provides ample opportunity for attackers. Once compromised, hackers can use chatbots to launch phishing or ransomware attacks, catching unsuspecting individuals unaware of the dangers of trusting online portals.”

Quentene Finnegan, COO at Performanta

Bambenek summarizes, “The reality is we are in the very early stages of what attacks can be done with prompt injection, how we can detect and stop those attacks, and how to codify vulnerabilities in AI systems.”

Human attack surface

It’s not that the human attack surface will expand in 2025, it’s more that the methods, scale, and sophistication of attacking the human AS will increase – all courtesy of gen-AI.

“We’ve all seen and heard the video and audio deepfake cases going around on social media and how unwitting employees were on video calls with what transpired to be fake versions of their colleagues before they unwittingly transferred the millions to the bad guys,” comments Martin. This will increase in 2025.

“Adversaries will increasingly weaponize AI to create highly targeted and adaptive attacks – techniques like deepfake phishing, and AI-crafted social engineering,” says Simone Sassoli, CEO and CPO at Virsec.

“The promise AI brings for attackers is exponential. Individuals are not yet trained to recognize AI-based attacks, such as deepfake video or audio, and these attack methods are constantly evolving. Dangerously, AI’s learning and automation capabilities mean new attack methods are being launched at great ease and scale, owing largely to the technology’s efficiency,” warns Finnegan.

The effect of AI on social engineering in 2025 is discussed in more detail in Cyber Insights 2025: Social Engineering Gets Wings.

Software supply chain

We could have, and perhaps should have, included the supply chain as an ongoing AS pain point. “Adversaries are increasingly targeting third-party vendors and software providers to infiltrate larger organizations. These attacks exploit vulnerabilities in the supply chain, leading to widespread consequences,” comments Curran. This is indeed ongoing and will increase in 2025.

A key methodology, but not the only supply chain attack methodology, has been to infiltrate open source software libraries, and to wait for the popularity of that OSS to deliver a vulnerability to multiple – or thousands – of different companies. But just as OSS can be freely downloaded from specialist store sites, so too can open source AI models be freely downloaded from other sites.

Our main approach to handling OSS vulnerabilities has been to require software bills of materials (SBOMs). There is interest in developing an equivalent AIBOM, but none has yet gained full acceptance. Indeed the current NIST Artificial Intelligence Risk Framework makes no mention of an AIBOM. It does, however, recognize the risk of open source AI. GOVERN 6 requires that, “Policies and procedures are in place to address AI risks and benefits arising from third-party software and data and other supply chain issues.”

There is a risk that adversaries might infiltrate AI open source. If that happens, the open source attack surface could get a new fillip, courtesy of gen-AI, in 2025.

Crystal Morin, cybersecurity strategist at Sysdig

“The attack surface will continue to grow as our world continues to become increasingly interconnected and our supply chains expand. This is due in part to the tools, applications, AI models, etcetera. that we continue to connect to improve end-user abilities and access,” says Crystal Morin, cybersecurity strategist at Sysdig.

“Initial discovery of these new tools is going to be the primary pain point in 2025,” suggests Dani. “As AI and cloud platforms become more integrated into business operations, misses will be observed while including these tools in security processes. Data exposure on these AI/ML platforms will be the secondary pain point. Employees sharing information about their projects to malicious LLMs will allow bad actors to build a probable attack surface and exploit this weakness.”

ASM is now far more than just monitoring CVEs and patching known vulnerabilities. “As long as ASM remains focused solely on managing internet-exposed CVEs – lagging indicators of risk – defenders will stay at a disadvantage,” says Joe Silva, CEO at Spektion. 

It can also be misleading, adds Morin. “A CVSS 10 vulnerability in your environment is cause for concern, but it matters less than a CVSS 7 vulnerability – or multiple, daisy-chained vulnerabilities – being actively exploited.” Effective ASM is based on awareness (threat intelligence) limiting exposure (identity management and zero trust) and maximizing visibility (asset management and network behavioral analysis).

It is also more than just defending the endpoints. Endpoints can be traversed with stolen credentials regardless of the endpoint defense. Endpoints aren’t even involved when staff do their own thing (see above). And they may be somebody else’s endpoints, and not viewed as a company risk.

Attack Surface Management has effectively become another term for cybersecurity. The days when we could say this part of our system is exposed to attack, and is therefore our attack surface, are long gone. The complexity, connectivity and fluidity of modern technology, courtesy of business transformation, effectively means that the entirety of the business – its technology, its premises, its people, their technology and homes, its suppliers and customers, and even the executives’ fleet – is today’s attack surface.

The only way to manage this surface is with holistic – and ungrammatically, dare we say very holistic – cybersecurity. The difficulty for defenders is that current security tools do not provide holistic security. They provide piecemeal security: a little bit here and a little bit there, and another little bit way over there. CISOs must bring these little bits of security together in an attempt at patchwork holism – knowing that any gap could provide the attackers’ path to an attackable surface within the business.

The basic problem is the attack surface has expanded to include everything, everywhere, and attack surface management has not.

Related Event: Attack Surface Management Summit

Related: AI and Hardware Hacking on the Rise

Related: Videos: Attack Surface Management Summit – All Sessions Available on Demand

Related: Attack Surface Management Startup WatchTowr Raises $19 Million

Related: Cavelo Raises CA$5 Million for Attack Surface Management Platform