Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, reveals how autonomous, AI-powered deepfake malware is transforming the cybersecurity landscape in this eye-opening RSAC 2025 interview with @siliconangle. Discover why organizations must urgently prepare for sophisticated social engineering attacks that leverage AI technology to bypass traditional security measures. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
KB4-CON 2025 brought together some of the brightest minds in cybersecurity for an unforgettable gathering to tackle one of today’s most pressing challenges: managing human risk in an era of advanced, AI-powered threats.
The rapid adoption of AI coding assistants is transforming software development in ways both good and bad. Developers can produce more code faster than ever with AI, and 96% of developers report using AI coding assistants to streamline their work. AI code generation is becoming mainstream, and in late 2024, Google reported that AI writes more than 25% of its code. While GenAI tools increase productivity, they’re also creating more work for application security teams.
Passwords remain the most widely used and weakest authentication method in the enterprise. They’re still responsible for the majority of breaches, and IT teams spend an outsized amount of time simply managing them. It’s no wonder that security leaders are shifting toward passwordless authentication, a more secure and phishing-resistant approach that replaces traditional credentials with biometrics, passkeys, and FIDO2-compliant sign-ins.
Each year on World Password Day, most password managers will remind you that sticky notes are no place for storing passwords, to avoid using “password123,” or to stop repeating passwords across multiple accounts. That is all sound advice, but we’re in 2025. Passwords are still everywhere, but our relationship with them has evolved — or rather, devolved.
When necessary, you water it, monitor it, and weed out what doesn’t belong before it spreads. The same principle applies to cybersecurity. In today’s digital landscape, cyber threats evolve rapidly. From phishing and privilege escalation to rogue access and lateral movement, attacks often take root well before they’re discovered. That’s why detection and response are no longer optional; they are essential for resilience.
Email is still the most common attack vector for cyber threats, according to a new report from Barracuda. The researchers found that one in four emails during February 2025 was either malicious or spam. HTML attachments were the most common file type used in phishing emails. “One of the most striking findings from the report is that 23% of HTML attachments are malicious, making them the most weaponized type of text file,” Barracuda says.
Recently, I covered a T-Mobile scam where a friend of mine narrowly avoided losing money. In that scam, the attackers called up pretending to be from T-Mobile, offering him a cannot-pass-up 30% discount on future T-Mobile bills. While he was initially suspicious of the unexpected callers, they gained his confidence by repeating the amounts of his last two T-Mobile bills and his billing address, and by knowing that his wife was also on the account.