The AI Arms Race: What the 2025 Armis Cyberwarfare Report Means for Security Practitioners

Our third edition, The 2025 Armis Cyberwarfare Report paints a sobering picture. Cyber warfare today is characterized by escalating state-sponsored attacks, the weaponization of AI, and an increasing focus on critical infrastructure as geopolitical tensions rise. This year’s report findings reveal that 87% of IT decision-makers are now concerned about the impact of cyberwarfare, up from just 54% a year ago. This shift is not just due to growing geopolitical instability, but because AI has fundamentally changed the cyber exposure threat landscape which spans across both physical and virtual digital footprints.

As security practitioners, we must ask what are the potential ramifications? How do we recalibrate our defenses in a world where AI is being leveraged by the attacker and the defender? This report provides critical insights, not just on the dynamic attack vectors, but on the urgent need for a paradigm shift in cybersecurity strategies.

Aspirations vs Reality

The 2025 Armis Cyberwarfare Report highlights a stark contrast between cybersecurity aspirations and current realities: while 81% of IT leaders aim for a proactive security posture, 58% admit they still operate reactively. Market consolidation, regulatory challenges, and legacy security gaps leave organizations vulnerable. Despite a growing interest in AI-driven security, half of IT teams lack the expertise to implement it effectively. Nation-state cyber threats from Russia, China, and North Korea remain top concerns, with 72% of IT leaders fearing that cyber capabilities could escalate into full-scale cyberwar. As Michael Freeman of Armis underscores, closing the gap between intent and readiness is critical—leveraging AI-powered solutions is key to fortifying defenses before the next wave of cyberwarfare threats materializes. More importantly, security teams must go beyond traditional asset visibility to fully map and secure their attack surface, ensuring cloud environments, SaaS applications, and hybrid infrastructures are included in their security strategies.

The Collapse of Perimeter-Based Security

The report underscores another stark reality: traditional security architectures are failing. Attackers are exploiting AI to bypass traditional controls, with 85% of IT leaders reporting that offensive techniques regularly evade their portfolio of deployed security tools. Phishing remains the top technique used to breach defenses in France, the U.S., and Italy, while credential theft and brute-force attacks dominate in Germany.

We have known for some time that perimeter-based security is obsolete. The modern attack surface—spanning IT, OT & IoT, —demands a shift towards continuous monitoring (CTEM), real-time threat intelligence, and AI-driven anomaly detection. If security teams are not already leveraging AI to hunt threats proactively, across their entire ecosystem, including cloud workloads and business-critical applications, they are already behind.

Cyberwarfare is an Economic and Societal Threat

Perhaps the most sobering insight from the report is the financial fallout and operational toll of cyberwarfare. Ransomware payouts are skyrocketing, with organizations in the U.S. and Australia paying an average of $10.1 million per attack. Meanwhile, critical industries—healthcare, utilities, and manufacturing—are feeling the sting of AI-powered attacks most severely. The Change Healthcare ransomware attack in 2024, which compromised the data of 190 million Americans, is a harbinger of what we, as a security community, are facing.

In reality, we are no longer facing just a cybersecurity issue—it’s an economic and societal crisis. The fact that 75% of IT decision-makers now believe cyberwarfare will increasingly target institutions representing free press and independent thought highlights broader implications. Cyberwarfare is not just about financial gain or espionage; it’s about destabilizing democratic institutions, influencing elections, and eroding public trust.

The Path Forward: AI-Powered Cyber Resilience

So where do we go from here? The report makes it clear that AI-driven threats require AI-powered defenses. Key recommendations include:

• Shifting from reactive to proactive security – 58% of organizations still respond to attacks only after they occur. Security teams must implement predictive AI models, early warning systems, and real-time anomaly detection to preempt threats across IT, OT, and IoT environments be they virtual or cloud based..
• Investing in AI-driven threat intelligence – Organizations need visibility into emerging threats across both the surface and dark web. AI can provide continuous monitoring, adaptive risk assessments, and automated response mechanisms in ways that traditional security simply cannot match.
• Closing the AI expertise gap – Half of IT leaders acknowledge a lack of AI security expertise. Upskilling teams, leveraging AI-driven security platforms,  and automating threat hunting across all asset types—including the cloud and software applications—must be top priorities.
• Adopting a Zero Trust approach –  With AI enabling increasingly sophisticated identity-based attacks, Zero Trust architectures—where no user, device, or application is inherently trusted—are an absolute must.

Conclusion: A Call to Arms

The 2025 Armis Cyberwarfare Report highlights a critical inflection point in how we secure our organizations moving forward. AI-powered cyberwarfare is escalating, and the old ways of security—reactive, fragmented, and blind to vast portions of the attack surface—are no longer sufficient. True cyber resilience demands full visibility of all assets, across IT, OT, IoT, from the ground to cloud, combined with Early Warning detection that enables proactive threat mitigation before an attack materializes.

Cyberwarfare is no longer just a cybersecurity issue—it is a fundamental business risk, a national security imperative, and a societal challenge. Organizations that fail to evolve beyond static exposure management will not only suffer financial losses but risk becoming collateral damage in an era of digital conflict. The time to move from reactive to proactive security is now.