Mr. Phan Hoang Giap – Chief Technology Officer at VSEC – shares his insight: “In the landscape of 2025, emerging trends such as Artificial Intelligence (AI) and Cloud-Native Application Protection Platforms (CNAPP) are forecasted to dominate the cybersecurity sector.”

According to the Cybersecurity Market Report 2024–2029 by Mordor Intelligence, the Asia-Pacific region plays a pivotal role in the global cybersecurity market due to rapid digital transformation and the growing adoption of advanced technologies across multiple sectors. Trends such as Zero Trust and Blockchain have been widely discussed in recent years and have reached a certain level of maturity. Meanwhile, quantum computing—though promising to revolutionize various aspects of cybersecurity—still requires more time for practical expansion and widespread adoption.

Therefore, “in the landscape of 2025, emerging trends such as Artificial Intelligence (AI) and Cloud-Native Application Protection Platforms (CNAPP) are forecasted to dominate the cybersecurity sector,” shared Mr. Phan Hoang Giap, CTO of VSEC. At the same time, Chief Information Security Officers (CISOs) are increasingly aware of the importance of proactively managing risks to protect their organizations from vulnerabilities and latent threats.

Artificial Intelligence not only supports rapid threat detection and incident response but also significantly enhances the ability to anticipate potential risks. Meanwhile, CNAPP—by embedding security across the entire lifecycle of cloud-native application development—has become an indispensable solution for digitally transforming enterprises. These powerful trends are reshaping the way we safeguard data and systems in this new digital era. Let’s dive deeper into these two trends with Mr. Phan Hoang Giap, CTO of VSEC.

1. AI-Driven Cybersecurity: A Strategic Shift

Artificial Intelligence is rapidly becoming a critical component in the cybersecurity landscape. Its ability to process vast volumes of data and make near-instant decisions is transforming how organizations defend systems and respond to threats. On the offensive side, AI is enabling attackers to launch more sophisticated campaigns with unprecedented speed and effectiveness. Highly convincing phishing emails, realistic deepfake videos, and optimized malware are just a few examples. However, on the defensive front, AI has emerged as a powerful tool to counter these evolving threats. According to IBM Security, organizations applying AI and Machine Learning to threat detection have reduced detection time by up to 96% compared to traditional approaches.

AI-integrated security products are driving a major shift in the industry, with solutions like UEBA (User and Entity Behavior Analytics) playing a pivotal role. By analyzing the behavior of users and entities, UEBA helps identify abnormal patterns that traditional tools often overlook. The use of AI in UEBA has improved anomaly detection accuracy by up to 85%, according to Gartner. Similarly, AI-powered insider threat detection tools have seen significant advances in precision, helping organizations mitigate both internal and external risks more effectively.

One notable trend in AI adoption is the transition from legacy SIEM (Security Information and Event Management) solutions to XDR (Extended Detection and Response). XDR not only enhances detection and response capabilities but also leverages AI to streamline threat analysis and identification. Its ability to integrate and correlate data sources significantly reduces false positives, improving both the reliability and efficiency of cybersecurity operations. In parallel, this shift is accelerating the growth of MDR (Managed Detection and Response) services, which are increasingly replacing traditional Managed SIEM offerings. With MDR, organizations benefit not just from 24/7 monitoring but also from tailored, actionable responses to incidents—reducing both damage and downtime.

In the field of Threat Intelligence, AI functions as an ultra-fast “analyst,” capable of processing and analyzing vast volumes of data from diverse sources. AI not only helps identify patterns within the data but also uncovers relationships between entities such as IP addresses, domains, or malicious files. This provides a more accurate and contextual understanding of threats. Based on these insights, organizations can make informed strategic decisions to prevent and respond to emerging threats effectively.

In the realm of Security Operations (SecOps), AI and the trend of HyperAutomation are gradually redefining the role traditionally played by SOAR (Security Orchestration, Automation, and Response). Conventional SOAR platforms heavily depend on custom scripts, require significant costs, and often entail lengthy deployment times. In contrast, the integration of AI makes automation processes far more agile. AI not only facilitates easier system integration but also optimizes incident response workflows, significantly reducing response times to security incidents. The convergence of AI and automation is ushering in a new era in cybersecurity—one where speed and efficiency are key to combating increasingly complex threats. According to Gartner, Security Operations Centers (SOCs) that incorporate AI and HyperAutomation can reduce manual workloads by up to 55%, allowing engineers to focus on more sophisticated threats.

AI is also driving a significant leap in productivity for security engineers, particularly within modern SOC environments. These teams face overwhelming volumes of data and security alerts on a daily basis, creating substantial operational pressure. AI has emerged as a powerful tool, enabling faster and more accurate incident analysis, risk-based threat prioritization, and intelligent triage of critical issues. Moreover, AI automates repetitive tasks, dramatically reducing manual effort and enabling security teams to dedicate their time to more strategic and complex missions.

Demand for Pentest-as-a-Service (PTaaS) rose by 35% in 2023 compared to 2022 (according to MarketsandMarkets)

AI is driving a significant shift in penetration testing (Pentest), a domain that traditionally requires high-level expertise and extensive manual effort. With AI, a portion of vulnerability exploitation—particularly at medium complexity levels—can now be automated. AI enables rapid and accurate testing, identifying and reporting potential vulnerabilities at a speed that far surpasses human capabilities. This advancement not only reduces reliance on manual pentesters but also accelerates the growth of Pentest-as-a-Service (PTaaS). PTaaS empowers organizations to embed continuous security testing into their DevSecOps pipelines, helping to eliminate bottlenecks in the software development lifecycle and accelerate the implementation of cybersecurity measures.

2. Cloud Security – CNAPP in Cybersecurity

The Cloud Native trend is reshaping how organizations build and operate their systems, while simultaneously introducing new security challenges. In 2023, 45% of global data breaches were related to cloud platforms (Verizon Data Breach Investigations Report 2023). Additionally, 80% of organizations reported experiencing cloud misconfigurations, which remain the leading cause of cloud security vulnerabilities (McKinsey & Company). This has driven the emergence of solutions like CNAPP (Cloud-Native Application Protection Platform), a comprehensive platform designed to safeguard applications and data in cloud environments. According to Gartner, by 2025, 60% of organizations using cloud services are expected to adopt CNAPP to protect their applications and data.

A key component of CNAPP is Code Security, which focuses on securing applications right from the development stage to mitigate risks before deployment. One widely used technique is Static Application Security Testing (SAST), which analyzes source code to identify security flaws such as injections or insecure coding practices during development. In parallel, Dynamic Application Security Testing (DAST) evaluates the application during runtime, simulating real-world attacks to uncover vulnerabilities that only emerge in a live environment. For applications heavily dependent on open-source code or third-party libraries, Software Composition Analysis (SCA) plays a critical role in detecting and managing known vulnerabilities in these components, reducing risks associated with outdated or insecure dependencies. Beyond application security, Code Security also extends to infrastructure by scanning and analyzing Infrastructure as Code (IaC) to identify misconfigurations or insecure provisioning scripts that could expose the environment to threats.

This approach helps identify insecure misconfigurations in infrastructure configuration files such as Terraform or Kubernetes YAML, ensuring that deployment environments comply with security standards before going live. Another key highlight is the management of sensitive information—such as API keys or tokens—through secret scanning tools that detect and prevent secret leaks within source code. Scanning Infrastructure as Code (IaC) helps detect and fix up to 90% of infrastructure misconfigurations before deployment. Simultaneously, with the widespread use of containers in Cloud Native environments, securing containers during the development phase has become essential. Container image scanning tools can detect vulnerabilities or unsafe configurations during the build process.

Cloud Security Posture Management (CSPM) and Kubernetes Security Posture Management (KSPM) are critical components of modern organizations’ security strategies as they transition aggressively to cloud environments and containerized deployments. CSPM focuses on monitoring and managing the security posture of cloud-based resources, helping identify and remediate misconfigurations to reduce the risk of exploitation. In increasingly complex, multi-layered cloud environments, CSPM not only ensures compliance with security standards like CIS or PCI DSS but also provides continuous monitoring capabilities to ensure that configuration changes do not introduce new vulnerabilities. Similarly, KSPM is tailored toward securing Kubernetes deployments—the most widely used container orchestration platform today. Due to the dynamic and flexible nature of Kubernetes, ensuring security at the cluster, node, and container level has become more challenging than ever. KSPM automatically detects misconfigurations, such as over-permissive access or the absence of necessary policy controls. Additionally, KSPM supports organizations in validating compliance with Kubernetes-specific security standards while enabling continuous monitoring and reporting to improve security posture over time.

Cloud Workload Protection (CWP) focuses on securing workloads operating in cloud environments. These workloads include virtual machines (VMs), containers, and serverless functions, which form the backbone of modern application operations. While cloud environments offer flexibility and scalability, they also introduce increasingly sophisticated cybersecurity risks. CWP is designed to monitor, detect, and prevent threats in real time, helping organizations safeguard assets from external attacks and anomalous internal behavior. Beyond traditional protections such as malware detection and unauthorized access prevention, CWP leverages advanced technologies like AI and machine learning to perform behavioral analysis, enabling the prediction and mitigation of threats before they cause harm. This is especially crucial in Cloud Native environments, where workloads frequently change and move across zones or environments. With CWP, organizations can ensure that every workload is comprehensively protected, remaining resilient against vulnerabilities and cyberattacks.