[{"data":1,"prerenderedAt":506},["ShallowReactive",2],{"/en-us/the-source/security/key-security-trends-for-cisos-in-2025":3,"footer-en-us":34,"the-source-banner-en-us":368,"the-source-navigation-en-us":374,"article-site-categories-en-us":397,"the-source-newsletter-en-us":399,"key-security-trends-for-cisos-in-2025-article-hero-category-en-us":406,"key-security-trends-for-cisos-in-2025-the-source-source-cta-en-us":432,"key-security-trends-for-cisos-in-2025-article-hero-author-en-us":442,"key-security-trends-for-cisos-in-2025-category-en-us":466,"key-security-trends-for-cisos-in-2025-the-source-resources-en-us":479},{"id":4,"title":5,"body":6,"category":7,"config":8,"content":14,"description":6,"extension":25,"meta":26,"navigation":27,"path":28,"seo":29,"slug":30,"stem":31,"type":32,"__hash__":33},"theSource/en-us/the-source/security/key-security-trends-for-cisos-in-2025.yml","Key Security Trends For Cisos In 2025",null,"security",{"layout":9,"template":10,"author":11,"featured":12,"sourceCTA":13},"the-source","TheSourceArticle","josh-lemos",false,"source-lp-ai-guide-for-enterprise-leaders-building-the-right-approach",{"title":15,"date":16,"description":17,"timeToRead":18,"heroImage":19,"keyTakeaways":20,"articleBody":24},"Key security trends for CISOs in 2025","2025-02-25","Explore essential security trends for 2025: how AI creates new risks and opportunities, reshapes identity management, and strengthens DevOps teams.","5 min read","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464506/hyue0lgqq2lqk3arwnel.jpg",[21,22,23],"AI adoption creates both security risks and opportunities. 
Organizations must track AI usage in vendor products, prepare for potential outages, and leverage AI to strengthen security controls.","Identity management needs modernization to handle complex machine-to-machine interactions, dynamic permissions, and AI system access, requiring more flexible and adaptive security tools.","AI tools can help bridge the DevOps security skills gap by automating security checks, suggesting secure code patterns, and integrating security throughout the software development lifecycle.","In 2025, many of your critical security tools will include AI models you can’t inspect or fully control. Your board is already asking how you’ll prevent the next headline-making security breach. Meanwhile, your competitors are using AI to automate security at a scale that was impossible just months ago. Evolving regulatory requirements add another layer of complexity, as new rules in the European Union and California affect how you can use AI systems.\n\nThe security landscape is rapidly evolving, but with the right approach, you can harness these challenges to build stronger defenses while protecting against new cyber threats. Here are three trends to prepare for that will dominate the enterprise security landscape this year.\n\n## 1. Vulnerabilities in proprietary LLMs\nMany vendors now use proprietary foundational large language models (LLMs) in their products, creating new risks for your organization. Most of these LLMs are black boxes - you can't see much about how they work or what safety controls they have. Security researchers have demonstrated the fragility of AI guardrails. There is a growing attack surface on the models themselves and, by extension, on the products they serve.\n\nSince many products rely on the same few proprietary LLMs, an attack on one could simultaneously affect many of your systems. This concentration of risk is particularly concerning as more critical business functions depend on AI-enabled tools. 
You’ll need to:\n\n- Track which of your vendors use LLMs\n- Assess the security controls these vendors have in place\n- Plan for possible outages if an LLM-based service fails\n- Develop backup plans for critical AI-dependent systems\n\n> Read more: [7 questions to ask your DevOps provider to build a transparency-first AI strategy](https://about.gitlab.com/the-source/ai/building-a-transparency-first-ai-strategy-7-questions-to-ask-your-devops/)\n\n## 2. Identity management challenges\nCloud and AI systems are changing how we manage access to the systems we use every day. Your identity systems must now handle:\n\n- An increase in non-human, service-based identities\n- More machine-to-machine connections\n- Quick changes in who needs access to what\n- Complex chains of permissions between services\n- AI systems that need varying levels of data access\n\nTraditional identity and access management tools weren’t built for these challenges. You’ll need more flexible identity tools that can adapt quickly as your needs change. Consider implementing [zero-trust principles and just-in-time access](https://about.gitlab.com/the-source/security/field-guide-to-threat-vectors-in-the-software-supply-chain/) to better control these dynamic environments.\n\nSecurity teams should also develop strategies and prepare for the growing complexity of agentic AI with the same level of rigor and auditability they apply to human users. As AI systems proliferate, [tracking and securing these non-human identities](https://about.gitlab.com/blog/improve-ai-security-in-gitlab-with-composite-identities/) becomes just as important as managing human user access.\n\n## 3. Making security work in DevOps\n[In a recent survey](https://about.gitlab.com/developer-survey/), 58% of developers said they feel some degree of responsibility for application security - but finding DevOps staff with security skills remains difficult. 
AI-powered tools can help by:\n\n- Checking code for security vulnerabilities and potential threats early in development before they cause problems\n- Suggesting secure coding patterns\n- Setting up the right access permissions automatically\n- Automating repetitive tasks throughout the development process\n\nThese tools can help your existing security team work more efficiently. They can also help developers catch common security issues before code reaches production. This means fewer emergencies for your team and better security outcomes overall.\n\nConsider investing in tools that integrate directly into developer workflows. The easier you make it for developers to work securely, the more likely they are to do so.\n\n## Taking action: Embracing AI to secure the threat landscape\nTo stay ahead of these changes:\n\n1. Map out where AI tools touch your systems and assess the risks\n1. Update your identity management approach for cloud and AI needs\n1. Look for ways AI can strengthen your security work\n1. Keep your board informed about new AI risks and regulations\n1. Build relationships with key vendors to understand their AI security measures\n1. Train your team on AI security risks and opportunities\n\nWhile AI brings new risks, it also gives you new tools to protect your organization. Focus on using AI to strengthen your security posture while watching out for new threats. Regular reviews of your AI security stance will help you stay ahead of emerging risks.\n\n## Looking ahead\nThe security landscape will keep evolving as AI technology advances. Stay flexible and ready to adapt your security strategy as new threats and opportunities emerge. Build strong relationships across your organization - especially with legal, development, and operations teams. 
These partnerships will help you respond more effectively to security challenges.\n\nRemember that while the technology changes, your core mission remains the same: protecting your organization’s assets and enabling secure business operations. Use new tools and approaches where they make sense, but don’t lose sight of security basics in the rush to adopt AI.","yml",{},true,"/en-us/the-source/security/key-security-trends-for-cisos-in-2025",{"title":15,"description":17,"ogImage":19},"key-security-trends-for-cisos-in-2025","en-us/the-source/security/key-security-trends-for-cisos-in-2025","article","oWg_RR4M0RIKmwsYhVsSYhaRKNo6XQGGs4hQw60v7Ow",{"data":35},{"text":36,"source":37,"edit":43,"contribute":48,"config":53,"items":58,"minimal":357},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":38,"config":39},"View page source",{"href":40,"dataGaName":41,"dataGaLocation":42},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":44,"config":45},"Edit this page",{"href":46,"dataGaName":47,"dataGaLocation":42},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":49,"config":50},"Please contribute",{"href":51,"dataGaName":52,"dataGaLocation":42},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":54,"facebook":55,"youtube":56,"linkedin":57},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[59,116,173,232,295],{"title":60,"links":61,"subMenu":77},"Pricing",[62,67,72],{"text":63,"config":64},"View plans",{"href":65,"dataGaName":66,"dataGaLocation":42},"/pricing/","view plans",{"text":68,"config":69},"Why Premium?",{"href":70,"dataGaName":71,"dataGaLocation":42},"/pricing/premium/","why 
premium",{"text":73,"config":74},"Why Ultimate?",{"href":75,"dataGaName":76,"dataGaLocation":42},"/pricing/ultimate/","why ultimate",[78],{"title":79,"links":80},"Contact Us",[81,86,91,96,101,106,111],{"text":82,"config":83},"Contact sales",{"href":84,"dataGaName":85,"dataGaLocation":42},"/sales/","sales",{"text":87,"config":88},"Support portal",{"href":89,"dataGaName":90,"dataGaLocation":42},"https://support.gitlab.com","support portal",{"text":92,"config":93},"Customer portal",{"href":94,"dataGaName":95,"dataGaLocation":42},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"text":97,"config":98},"Status",{"href":99,"dataGaName":100,"dataGaLocation":42},"https://status.gitlab.com/","status",{"text":102,"config":103},"Terms of use",{"href":104,"dataGaName":105,"dataGaLocation":42},"/terms/","terms of use",{"text":107,"config":108},"Privacy statement",{"href":109,"dataGaName":110,"dataGaLocation":42},"/privacy/","privacy statement",{"text":112,"config":113},"Cookie preferences",{"dataGaName":114,"dataGaLocation":42,"id":115,"isOneTrustButton":27},"cookie preferences","ot-sdk-btn",{"title":117,"links":118,"subMenu":129},"Product",[119,124],{"text":120,"config":121},"DevSecOps platform",{"href":122,"dataGaName":123,"dataGaLocation":42},"/platform/","devsecops platform",{"text":125,"config":126},"AI-Assisted Development",{"href":127,"dataGaName":128,"dataGaLocation":42},"/gitlab-duo/","ai-assisted development",[130],{"title":131,"links":132},"Topics",[133,138,143,148,153,158,163,168],{"text":134,"config":135},"CICD",{"href":136,"dataGaName":137,"dataGaLocation":42},"/topics/ci-cd/","cicd",{"text":139,"config":140},"GitOps",{"href":141,"dataGaName":142,"dataGaLocation":42},"/topics/gitops/","gitops",{"text":144,"config":145},"DevOps",{"href":146,"dataGaName":147,"dataGaLocation":42},"/topics/devops/","devops",{"text":149,"config":150},"Version Control",{"href":151,"dataGaName":152,"dataGaLocation":42},"/topics/version-control/","version 
control",{"text":154,"config":155},"DevSecOps",{"href":156,"dataGaName":157,"dataGaLocation":42},"/topics/devsecops/","devsecops",{"text":159,"config":160},"Cloud Native",{"href":161,"dataGaName":162,"dataGaLocation":42},"/topics/cloud-native/","cloud native",{"text":164,"config":165},"AI for Coding",{"href":166,"dataGaName":167,"dataGaLocation":42},"/topics/devops/ai-for-coding/","ai for coding",{"text":169,"config":170},"Agentic AI",{"href":171,"dataGaName":172,"dataGaLocation":42},"/topics/agentic-ai/","agentic ai",{"title":174,"links":175},"Solutions",[176,180,185,190,195,199,204,207,212,217,222,227],{"text":177,"config":178},"Application Security Testing",{"href":179,"dataGaName":177,"dataGaLocation":42},"/solutions/application-security-testing/",{"text":181,"config":182},"Automated software delivery",{"href":183,"dataGaName":184,"dataGaLocation":42},"/solutions/delivery-automation/","automated software delivery",{"text":186,"config":187},"Agile development",{"href":188,"dataGaName":189,"dataGaLocation":42},"/solutions/agile-delivery/","agile delivery",{"text":191,"config":192},"SCM",{"href":193,"dataGaName":194,"dataGaLocation":42},"/solutions/source-code-management/","source code management",{"text":134,"config":196},{"href":197,"dataGaName":198,"dataGaLocation":42},"/solutions/continuous-integration/","continuous integration & delivery",{"text":200,"config":201},"Value stream management",{"href":202,"dataGaName":203,"dataGaLocation":42},"/solutions/value-stream-management/","value stream management",{"text":139,"config":205},{"href":206,"dataGaName":142,"dataGaLocation":42},"/solutions/gitops/",{"text":208,"config":209},"Enterprise",{"href":210,"dataGaName":211,"dataGaLocation":42},"/enterprise/","enterprise",{"text":213,"config":214},"Small business",{"href":215,"dataGaName":216,"dataGaLocation":42},"/small-business/","small business",{"text":218,"config":219},"Public 
sector",{"href":220,"dataGaName":221,"dataGaLocation":42},"/solutions/public-sector/","public sector",{"text":223,"config":224},"Education",{"href":225,"dataGaName":226,"dataGaLocation":42},"/solutions/education/","education",{"text":228,"config":229},"Financial services",{"href":230,"dataGaName":231,"dataGaLocation":42},"/solutions/finance/","financial services",{"title":233,"links":234},"Resources",[235,240,245,250,255,260,265,270,275,280,285,290],{"text":236,"config":237},"Install",{"href":238,"dataGaName":239,"dataGaLocation":42},"/install/","install",{"text":241,"config":242},"Quick start guides",{"href":243,"dataGaName":244,"dataGaLocation":42},"/get-started/","quick setup checklists",{"text":246,"config":247},"Learn",{"href":248,"dataGaName":249,"dataGaLocation":42},"https://university.gitlab.com/","learn",{"text":251,"config":252},"Product documentation",{"href":253,"dataGaName":254,"dataGaLocation":42},"https://docs.gitlab.com/","docs",{"text":256,"config":257},"Blog",{"href":258,"dataGaName":259,"dataGaLocation":42},"/blog/","blog",{"text":261,"config":262},"Customer success stories",{"href":263,"dataGaName":264,"dataGaLocation":42},"/customers/","customer success stories",{"text":266,"config":267},"Remote",{"href":268,"dataGaName":269,"dataGaLocation":42},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":271,"config":272},"GitLab 
Services",{"href":273,"dataGaName":274,"dataGaLocation":42},"/services/","services",{"text":276,"config":277},"Community",{"href":278,"dataGaName":279,"dataGaLocation":42},"/community/","community",{"text":281,"config":282},"Forum",{"href":283,"dataGaName":284,"dataGaLocation":42},"https://forum.gitlab.com/","forum",{"text":286,"config":287},"Events",{"href":288,"dataGaName":289,"dataGaLocation":42},"/events/","events",{"text":291,"config":292},"Partners",{"href":293,"dataGaName":294,"dataGaLocation":42},"/partners/","partners",{"title":296,"links":297},"Company",[298,303,308,313,318,323,328,332,337,342,347,352],{"text":299,"config":300},"About",{"href":301,"dataGaName":302,"dataGaLocation":42},"/company/","company",{"text":304,"config":305},"Jobs",{"href":306,"dataGaName":307,"dataGaLocation":42},"/jobs/","jobs",{"text":309,"config":310},"Leadership",{"href":311,"dataGaName":312,"dataGaLocation":42},"/company/team/e-group/","leadership",{"text":314,"config":315},"Team",{"href":316,"dataGaName":317,"dataGaLocation":42},"/company/team/","team",{"text":319,"config":320},"Handbook",{"href":321,"dataGaName":322,"dataGaLocation":42},"https://handbook.gitlab.com/","handbook",{"text":324,"config":325},"Investor relations",{"href":326,"dataGaName":327,"dataGaLocation":42},"https://ir.gitlab.com/","investor relations",{"text":329,"config":330},"Sustainability",{"href":331,"dataGaName":329,"dataGaLocation":42},"/sustainability/",{"text":333,"config":334},"Diversity, inclusion and belonging (DIB)",{"href":335,"dataGaName":336,"dataGaLocation":42},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":338,"config":339},"Trust Center",{"href":340,"dataGaName":341,"dataGaLocation":42},"/security/","trust 
center",{"text":343,"config":344},"Newsletter",{"href":345,"dataGaName":346,"dataGaLocation":42},"/company/contact/#contact-forms","newsletter",{"text":348,"config":349},"Press",{"href":350,"dataGaName":351,"dataGaLocation":42},"/press/","press",{"text":353,"config":354},"Modern Slavery Transparency Statement",{"href":355,"dataGaName":356,"dataGaLocation":42},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":358},[359,362,365],{"text":360,"config":361},"Terms",{"href":104,"dataGaName":105,"dataGaLocation":42},{"text":363,"config":364},"Cookies",{"dataGaName":114,"dataGaLocation":42,"id":115,"isOneTrustButton":27},{"text":366,"config":367},"Privacy",{"href":109,"dataGaName":110,"dataGaLocation":42},{"visibility":27,"title":369,"button":370},"The Intelligent Software Development Era: How AI is reshaping DevSecOps teams",{"config":371,"text":373},{"href":372},"/developer-survey/","Get the research report",{"logo":375,"subscribeLink":380,"navItems":384},{"altText":376,"config":377},"the source logo",{"src":378,"href":379},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750191004/t7wz1klfb2kxkezksv9t.svg","/the-source/",{"text":381,"config":382},"Subscribe",{"href":383},"#subscribe",[385,389,393],{"text":386,"config":387},"Artificial Intelligence",{"href":388},"/the-source/ai/",{"text":390,"config":391},"Security & Compliance",{"href":392},"/the-source/security/",{"text":394,"config":395},"Platform & Infrastructure",{"href":396},"/the-source/platform/",{"categoryNames":398},{"ai":386,"platform":394,"security":390},{"title":400,"description":401,"submitMessage":402,"formData":403},"The Source Newsletter","Stay updated with insights for the future of software development.","You have successfully signed up for The Source’s 
newsletter.",{"config":404},{"formId":405,"formName":346,"hideRequiredLabel":27},1077,{"id":407,"title":408,"body":6,"category":6,"config":409,"content":410,"description":6,"extension":25,"meta":426,"navigation":27,"path":427,"seo":428,"slug":7,"stem":429,"testContent":6,"type":430,"__hash__":431},"pages/en-us/the-source/security/index.yml","",{"layout":9},[411,418],{"componentName":412,"type":412,"componentContent":413},"TheSourceCategoryHero",{"title":390,"description":414,"image":415},"Get up to speed on how organizations can ensure they're staying on top of evolving security threats and compliance requirements.",{"config":416},{"src":417},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463273/aplkxrvwpii26xao5yhi.png",{"componentName":419,"type":419,"componentContent":420},"TheSourceCategoryMainSection",{"config":421},{"sourceCTAs":422},[423,424,425],"source-lp-guide-to-dynamic-sboms","source-lp-devsecops-the-key-to-modern-security-resilience","application-security-in-the-digital-age",{},"/en-us/the-source/security",{"title":390,"description":414,"ogImage":417},"en-us/the-source/security/index","category","Yz-XSZ2w3Zg4r2_4aWlzq2kmfduukECmMNfXD6Ha26w",{"config":433,"title":434,"description":435,"link":436},{"slug":13},"AI guide for enterprise leaders: Building the right approach","Download our guide for enterprise leaders to learn how to prepare your C-suite, executive leadership, and development teams for what AI can do today — and will do in the near future — to accelerate software development.",{"text":437,"config":438},"Read the guide",{"href":439,"dataGaName":440,"dataGaLocation":441},"/the-source/ai/ai-guide-for-enterprise-leaders-building-the-right-approach/","AI Guide For Enterprise Leaders: Building the Right 
Approach","thesource",{"id":443,"title":444,"body":6,"category":6,"config":445,"content":446,"description":6,"extension":25,"meta":460,"navigation":27,"path":461,"seo":462,"slug":11,"stem":463,"testContent":6,"type":464,"__hash__":465},"theSourceAuthors/en-us/the-source/authors/josh-lemos.yml","Josh Lemos",{"layout":9},[447,458],{"componentName":448,"type":448,"componentContent":449},"TheSourceAuthorHero",{"config":450,"name":444,"role":453,"bio":454,"headshot":455},{"gitlabHandle":451,"linkedInProfileUrl":452},"joshlemos","https://www.linkedin.com/in/joshlemos/","Chief Information Security Officer","Josh Lemos is the Chief Information Security Officer at GitLab Inc., where he brings 20 years of experience leading information security teams to his role. He is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected, fortifying the GitLab DevSecOps platform and ensuring the highest level of security for customers.",{"altText":444,"config":456},{"src":457},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463405/f4rqtiecakrekvxfhqar.jpg",{"componentName":459,"type":459},"TheSourceArticlesList",{},"/en-us/the-source/authors/josh-lemos",{"title":444},"en-us/the-source/authors/josh-lemos","author","Kzh9L_9H8IeYxDNNFgPiZ3BBOSdgaHIyKFkhllwdLjI",{"id":407,"title":408,"body":6,"category":6,"config":467,"content":468,"description":6,"extension":25,"meta":477,"navigation":27,"path":427,"seo":478,"slug":7,"stem":429,"testContent":6,"type":430,"__hash__":431},{"layout":9},[469,473],{"componentName":412,"type":412,"componentContent":470},{"title":390,"description":414,"image":471},{"config":472},{"src":417},{"componentName":419,"type":419,"componentContent":474},{"config":475},{"sourceCTAs":476},[423,424,425],{},{"title":390,"description":414,"ogImage":417},[480,489,498],{"config":481,"title":482,"description":483,"link":484},{"slug":425},"Application security in 
the digital age","Read our survey findings from more than 5,000 DevSecOps professionals worldwide for insights on how organizations are grappling with increasing attack surfaces and changing attitudes towards security and AI.",{"text":485,"config":486},"Read the report",{"href":487,"dataGaName":488,"dataGaLocation":441},"/developer-survey/2024/security-compliance/","Application Security in the Digital Age",{"config":490,"title":491,"description":492,"link":493},{"slug":424},"DevSecOps: The key to modern security resilience","Learn how embedding security in development can slash incident response time by 720x and save millions in security costs annually.",{"text":494,"config":495},"Download the guide",{"href":496,"dataGaName":497,"dataGaLocation":441},"/the-source/security/devsecops-the-key-to-modern-security-resilience/","DevSecOps the key to modern security resilience",{"config":499,"title":500,"description":501,"link":502},{"slug":423},"Guide to dynamic SBOMs: An integral element of modern software development","Learn how to gain visibility into previously unidentified organizational risks with a software bill of materials (SBOM).",{"text":437,"config":503},{"href":504,"dataGaName":505,"dataGaLocation":441},"/the-source/security/guide-to-dynamic-sboms/","Guide to Dynamic SBOMs",1772652094846]