Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This article was authored by Daniel Ilan, Rahul Mukhi, Prudence Buckland, and Melissa Faragasso from Cleary Gottlieb, and Brian Lichter and Elijah Seymour from Stroz Friedberg, a LevelBlue company. Recent disclosures by Anthropic and OpenAI highlight a pivotal shift in the cyber threat landscape: AI is no longer merely a tool that aids attackers, in some cases, it has become the attacker itself.

New York has started a movement to reshape the AI compliance landscape for companies doing business in the state. Other states are following suit making Governance and AI Compliance an increasingly critical endeavor.

Ransomware attacks increased by 17.2% percent year-over-year in 2025, with the group Qlin dominating the threat landscape, according to data generated by the LevelBlue SpiderLabs team. These attacks focused primarily on the manufacturing and technology sectors, with the US by far being the most targeted nation. 2025 continued the trend of yearly increases; however, over the last few years, the rate of attacks has somewhat slowed.

Executive Summary NIST CSF 2.0 defines what must be achieved; Organizational Change Management (OCM) determines whether it becomes real. Security programs stall not because the framework is unclear, but because leadership behavior, ownership, and workforce adoption weren’t designed and measured from the start.

For years, security vendors have treated SIEM and XDR as two distinct pillars of their security stack - one built for broad log visibility and compliance, the other designed for high-fidelity detection and rapid response. However, as hybrid environments expanded and attackers began exploiting identity, endpoint, cloud, and network surfaces simultaneously, those boundaries blurred.

With only a few days remaining in 2025, we sat down with Sundhar Annamalai, Chief Strategy Officer, LevelBlue, to discuss some of the major inflection points facing the cybersecurity industry in the coming year.

As 2025 closes and we look toward 2026, the cybersecurity industry is bracing for radical changes that go beyond just intensifying existing problems. To help prepare for these new challenges, at least as much as is possible, a few of our experts weigh in on the defining shifts across the security landscape, from the evolution of nation-state tactics and the crisis in core internet infrastructure to the necessary, strategic pivot toward cyber resilience and identity-centric defenses like Zero Trust.

As 2025 comes to a close, it’s the perfect time to look back at the last year to see what LevelBlue as a company accomplished. We can point to the thousands of clients that we helped keep secure, more than a few acquisitions that have resulted in the creation of LevelBlue as the world’s largest pure-play MSSP company and pulling it all together are the accolades from industry analyst firms and the media showing the extent and depth of our expertise.

At this time last year, LevelBlue asked its experts to offer up some thoughts on what the coming year, 2025, would bring. So, with a year of hindsight, let’s keep ourselves honest and take a look to see what we got right and where we were a bit off. December 2025.

In 2026, one theme will become impossible for security and infrastructure leaders to ignore. The architecture that once secured the enterprise no longer aligns with how the enterprise actually works. Users are everywhere. Applications are everywhere. Data is everywhere. Threats are everywhere. What is not everywhere is consistency.