Cybersecurity in the Era of AI: challenges and opportunities for 2025

According to Microsoft's Digital Defense Report 2024, 90% of organizations are exposed by at least one attack route: no company is completely safe and Latin America is in the crosshairs.

In the last decade, reported cyber incidents have grown by 25% annually. In 2022, Costa Rica suffered attacks that cost it up to 2.4% of its Gross Domestic Product (GDP). In a region of deep poverty and inequality, we cannot afford to wait for a solution. We must act, and quickly, because this threat is becoming a reality with many fronts open to attack.

AI, quantum computing and cybercrime: how is it changing the game?

During Santex Week 2024, Chris Wendt exposed a disturbing reality: AI and quantum computing are democratizing cybercrime. It no longer takes years of experience or millions of dollars in resources to breach systems. Attackers are already using:

• Advanced language models to create perfectly personalized scams

• Deepfakes that can replicate voices and videos with terrifying accuracy

• Automated tools that identify weaknesses in a matter of seconds

And this is just the beginning. By 2030, quantum computing could penetrate security systems we now consider unbreakable, decrypting banking data in minutes. The same technology that promises medical breakthroughs and advanced optimization could, in the wrong hands, also be the deadliest weapon.

But there is an opportunity: understanding the evolution of threats and preparing ourselves, using intelligence and strategy.

Weaknesses in security and data exposure

Recent research has revealed that DeepSeek has critical flaws, including an exposed database that leaked over a million records. Furthermore, it links directly to China Mobile servers, allowing users’ activities to be tracked and their queries to be linked to personal information. This level of exposure raises serious privacy concerns.

What is worrying is that this is not an isolated case. ChatGPT has also faced data breach incidents in the past, reminding us that no platform is completely safe. However, DeepSeek has proven to be more vulnerable to “jailbreaking” techniques, allowing users to bypass restrictions in order to generate dangerous content, from instructions for making explosives to disinformation campaigns. The key question is not just how advanced an AI is, but how protected we are when using it.

International prohibitions and restrictions

Due to these security concerns, several countries have begun banning or restricting the use of DeepSeek. The United States is considering banning the app in federal agencies due to national security risks, and South Korea has issued warnings about the dangers associated with its use. These actions reflect a growing distrust of the platform globally, a reminder that cyber threats come not only from malicious actors, but also from the very technology we use.

The future of security is collaborative

While threats grow exponentially, the availability of cybersecurity talent is shrinking. 66% of companies report a critical cybersecurity skills gap, and only 14% of organizations are confident they have the right talent to meet today’s challenges (Global Cybersecurity Outlook 2025, World Economic Forum). This lack of readiness  not only amplifies risks, but also exposes a key vulnerability: human error. According to a survey by IBM Security (via The Hacker News), 95% of cybersecurity breaches occur due to human error, such as misuse of credentials or sending data to the wrong recipients.

This highlights the urgency of investing in strengthening the first line of defense: people. Reskilling and upskilling are no longer optional. Companies must accelerate the training of professionals or risk being left defenseless. Cybersecurity is not merely a technical challenge; it is also a change of mindset.

Some strategies that I consider key are:

• Investing in employee curiosity. Interactive simulations and hands-on exercises generate real, applicable learning.

• Gamify security. Developing simulations in which participants take on the role of attackers or defenders, forcing them to make real-time decisions to protect a digital infrastructure.

• Design security into systems from their beginnings. Security is not an add-on; it is a priority.

The difference between a prepared company and one that is at risk is not in the number of tools it uses, but rather in how it integrates security into its culture and processes. This implies strengthening capabilities, developing talent, and rethinking security as a business enabler.

It is not technology that will save us, but rather what we do with it.

The key lies in curiosity, collaboration and human talent. If we make AI an ally and cultivate a shared security culture, we will not only protect the digital future, but define it. Companies that understand that security is not a protocol, but a mindset, will not only resist change: they will lead it.