As we begin 2025, artificial intelligence (AI) continues to be both a game-changer and a point of contention in the software industry.
Over the past year, AI has accelerated the pace of innovation, reshaped development practices, and raised critical questions about cybersecurity and regulation. From tools boosting productivity to AI being weaponized in cyberattacks, the dual-edged nature of AI is clear.
In the first part of Sonatype's 2025 prediction series, our experts explore the future of AI. Will regulation prevent misuse or hinder innovation? How will threat actors use AI? And what strategies can businesses adopt to keep up?
Let's explore what the next year will bring for AI and software development.
Predictions
Here, we dive into insights and predictions from Sonatype leaders and experts on how artificial intelligence is shaping the future of software development.
An AI "Wild Wild West" will have consequences for cybersecurity
"As with any change of hand, a new administration means hitting reset on the current administration's initiatives. Over the last four years, there has been an uptick in Executive Orders centered around cybersecurity strategies and AI guardrails, but those constraints could come off next year — and it could have major implications for businesses. Failing to balance innovation with safety and security will lead to further weaponization of AI in cyberattacks, and it will be incredibly difficult to stop them." — Brian Fox, Co-founder and CTO
Automation will define security winners and losers
"AI's impact on software development in the coming year will be impossible to ignore. Tools like generative AI are already making developers faster and more efficient than ever, but they're also creating new security and software quality challenges. As the speed of development accelerates, security teams are struggling to keep up. Meanwhile, bad actors are leveraging the same AI tools to execute more sophisticated supply chain attacks at breakneck speed. In 2025, there will be a sharp divide between organizations prepared to defend their systems in this new era of ai-powered cyber threats and those that aren't – organizations that focus on security automation will come out on top while those who do not will bear the brunt of a new wave of attacks." — Mitchell Johnson, Chief Product Development Officer
2025 will be the year of machine vs. machine on the cybersecurity battlefield
"The cybersecurity landscape will be defined by machines next year thanks to the AI hype. Threat actors are already using AI to craft more sophisticated attacks, but defenders have been lagging behind in their AI implementation on the cybersecurity front. Next year will be a pivotal turning point, as organizations start deploying AI for advanced threat detection, malware analysis and network traffic monitoring. This dynamic will accelerate the arms race in cybersecurity as both sides push the boundaries of what AI can achieve in detecting and countering threats next year." — Ax Sharma, Security Researcher
There will be escalating abuse of AI-centric platforms and open source ecosystems
"With the rising popularity of AI tools and platforms like Hugging Face, attackers will exploit these spaces even more to increasingly target the broader software ecosystem. Beyond traditional open source repositories, malicious actors are extending their reach into developer forums such as Stack Overflow, where they lure developers with misleading solutions that conceal malware. In 2025, we can anticipate a rise in malicious activities that leverage seemingly innocuous features like GitHub comments as covert vectors for malware." — Ax Sharma, Security Researcher
AI is Integral to Cybersecurity
"AI has become essential in cybersecurity, powering rapid detection and response to vulnerabilities. The National Vulnerability Database, for example, currently has a backlog of over 18,000 unprocessed vulnerabilities. AI is the critical bridge that plugs the resource gaps. With millions of open-source components in circulation, AI isn't a magic bullet, but it's increasing productivity. Security firms can act at the speed and scale needed to address rising threats in real-time, turning AI into a productivity multiplier rather than a cure-all." — Ilkka Turunen, Chief Field Technology Officer
Preparing for AI's transformative impact
AI is no longer just a tool — it's a force reshaping every corner of the software industry. In 2025, AI will power everything from innovation to cybercrime, and the divide between those prepared to embrace AI-driven solutions and those caught off guard will only grow.
As our experts have highlighted, organizations must find the balance between harnessing AI's potential and managing the risks it introduces. Whether through regulation, security automation, or advanced defensive strategies, the choices made this year will shape the future of software development and cybersecurity.
The stakes are high, but so are the opportunities. Stay tuned for the next post in our series, where we'll explore how evolving regulations will influence the software supply chain in 2025.
