Okta CSO EMEA discusses rogue prompts and rising threats


James Thorpe
Stephen McDermid, CSO EMEA, Okta, shares his 2025 cybersecurity predictions with International Security Journal.
What do you see as the most important technology trend in 2025? Do you think that AI will continue to dominate the spotlight?
According to analyst firm Gartner, AI agents will be the most important technology trend in 2025, with analysts predicting that 15% of daily work decisions will be made autonomously by AI agents by 2028.
While productivity gains will be immense, the cybersecurity industry does need to have an urgent conversation about information access control for the impending explosion of autonomous AI agents – and if we don’t have this conversation, we’ll see a rising tide of both accidental and hostile cyber-breaches and data leakage in 2025.
By the end of 2025, we’ll be living in a world with billions of autonomous AI agents acting on our behalf. There are important questions that the cybersecurity industry needs to answer – what are these bots doing? What information do they have access to?
And how do we set and control the conditions and parameters around what information they can share, with whom and under what circumstances?
Right now, all these questions are up in the air.
These bots don’t even have the benefit of basic cybersecurity awareness training. They don’t have that human sixth sense that tells us something might be wrong. They can’t think for themselves.
All it takes is one rogue prompt for an AI agent to mistakenly share sensitive personal or financial information with another agent and things could quickly spiral out of control.
Where can we expect to see cyber-criminals focusing their efforts?
Every company needs a payroll and finance system.
In recent years, cloud-based systems have seen massive growth and now attackers are turning their sights to accessing these systems by logging in with stolen or compromised credentials.
In 2025, we can expect to see a significant uptick in cyber-attacks targeting these providers. These businesses are big money-spinners for hackers. By their very nature, they hold sensitive information on dozens if not hundreds of companies, meaning one successful hack has significant potential financial gain.
This is part of a long-term trend of broadening attack surfaces. It’s not just your database that gets hacked anymore – it’s your SaaS apps, integrations and supply chain partners as well as the people who manage them. There are no easy answers here. Businesses simply must embed cybersecurity into every third-party supplier assessment they conduct to help make sure they’re protected.
How do you expect the cybersecurity industry to respond to these threats?
We need a mindset shift across the cybersecurity industry, with far more collaboration between industry players. We face an unprecedented threat environment – and this is before the potential risks that AI agents bring to the table.
We need to agree more standards, best practices and frameworks around cloud applications and how they communicate with each other so that they are secure by default. A single cybersecurity vendor can’t do that alone.
At Okta, we’ve started on this with the Interoperability Profiling for Secure Identity in the Enterprise (IPSIE), to help standardise secure identity management, in partnership with the OpenID Foundation. I’d like to see more organisations sign up to this standard and other standards be introduced to help businesses, and ultimately end-users, improve their security posture.
Stephen McDermid
Stephen McDermid, Senior Director CSO EMEA, has led and been responsible for several enterprise-wide transformations ranging from National Government transformation projects to ISO27001 and PCI-DSS accreditation across multiple sites.
He’s taken his hands-on knowledge and expertise and used them to help organisations manage security across a broad range of disciplines and ensure senior stakeholders understand the risks and, more importantly, the opportunities available to their business.
Stephen has worked with some of the largest organisations across military, banking, government and enterprise sectors, such as NATO, the UN and the UK Home Office.