Application security in Asia is set to become an increasingly intricate challenge by 2025. The region faces a vast and ever-evolving technological landscape, compounded by stringent compliance requirements and the diverse roles necessary to maintain security. As organisations navigate these complexities, they must adapt to emerging threats and leverage innovative solutions to protect their digital assets effectively.
Prompt injection breach threatens AI trust
Generative AI has revolutionised the way we interact with data through natural language interfaces. However, this innovation comes with a significant risk: prompt injection attacks, which currently lack adequate security measures.
“In 2025, a leading global company could lose substantial intellectual property due to a prompt injection breach,” warns Nanhi Singh, chief customer officer and general manager of Application Security at Imperva. “This breach is likely to thrust AI into the ‘trough of disillusionment’ quicker than anticipated, as security concerns undermine corporate confidence and the perceived benefits and reliability of AI systems.”
GenAI super hacking tools to emerge
The capabilities of Generative AI will empower even novice attackers—often referred to as 'script kiddies'—to execute sophisticated cyberattacks with minimal effort. Cybersecurity professionals will face mounting challenges as a result.
“Picture a cyberattack tool that requires only the name of a corporate target to initiate a wave of malicious activities,” Singh explains. “Thanks to GenAI, this could become a reality by 2025. Threat actors may use such tools to generate phishing emails automatically and, once inside a network, exploit the technology for deeper access. The simplicity and effectiveness of these tools will likely lead to a surge in both the volume and sophistication of cyberattacks.”
Open-Source supply chain attacks on the rise
The increasing complexity of software supply chains presents a tempting target for cybercriminals. Recent incidents, like the XZ Utils SSH attack, demonstrate how backdoors can be introduced into widely-used open-source libraries, jeopardising the security of numerous dependent systems.
“By 2025, we may witness a significant open-source supply chain attack similar to the XZ Utils SSH incident, but with an even greater likelihood of success,” Singh predicts. “To mitigate the risk, organisations must adopt a multi-layered security strategy, implementing robust measures such as regular code audits, automated vulnerability scanning, and stringent access controls. Sharing threat intelligence within the cybersecurity community is also crucial.”
API vulnerabilities and data leakage
As organisations increasingly adopt modern application development practices, the prevalence of application programming interfaces (APIs) will continue to rise. Last year, API traffic accounted for over 71% of web traffic, according to Imperva research. This surge in API usage brings enhanced risks, necessitating improved API observability.
“Threat actors will increasingly target APIs in 2025 as a means to access critical infrastructures and databases,” Singh warns. “Building continuous visibility and monitoring of data flowing through APIs will be essential for businesses to safeguard themselves. By identifying hidden APIs, software developers and security teams can gain valuable insights into potential security vulnerabilities.”