According to a recent report by Gartner, IT leaders are projected to allocate more than half of their cybersecurity budgets to preemptive defense strategies by 2030. This shift comes in response to the rapid evolution of cyber threats, particularly those driven by artificial intelligence, which have rendered traditional detection and response tools inadequate. Zbyněk Sopuch, Chief Technology Officer of Safetica, noted that standalone detection and response solutions have fallen out of favor since 2019, as sophisticated cyberattacks now occur almost instantaneously. Experts warn that while preemptive security measures can significantly reduce risks by blocking untrusted activities before they escalate, the transition to these systems may face challenges such as integration difficulties and cultural inertia within organizations.
Datadog’s 2025 State of Cloud Security Report reveals that over one-third of organizations are adopting data perimeters as a response to rising concerns about credential theft. This advanced security practice is now utilized by 40% of organizations, with popular implementation methods including S3 bucket and virtual private cloud endpoint policies. The report notes a significant trend toward centrally managed multi-account environments. According to Datadog, 86% of organizations are using multi-account setups within AWS, enabling better enforcement of security practices across all accounts.
OpenAI’s recent report reveals that cybercriminals are increasingly leveraging artificial intelligence to enhance their operations, including malware distribution and surveillance activities. The analysis indicates that since February 2024, OpenAI has disrupted over 40 malicious networks, showcasing a trend where cybercriminals are integrating artificial intelligence into their workflows for efficiency. The report details various alarming trends, such as organized crime groups attempting to use AI tools like ChatGPT for generating phishing content and other malicious applications. Notably, some accounts linked to state-sponsored activities are using AI for surveillance and monitoring purposes, including efforts to track minority groups. While these developments highlight the potential dangers of AI in cybercrime, OpenAI emphasizes that current AI models are not being used to create new, novel attack methods but rather to optimize existing tactics.
And just keeping track, the U.S. Department of Homeland Security has reassigned hundreds of national security specialists, including cybersecurity personnel, to support President Donald Trump’s deportation efforts, threatening termination for those who refuse. Employees from the Cybersecurity and Infrastructure Security Agency, or CISA, have been shifted to Immigration and Customs Enforcement and Customs and Border Protection, which received a $150 billion boost for immigration enforcement. These reassignments, particularly affecting senior staff, come amid a backdrop of job cuts that have already diminished CISA’s capacity to protect U.S. networks from cyber threats. Experts warn that this shift risks leaving the government unprepared to address ongoing cyberattacks, including a recent breach involving Cisco routers widely used across various sectors.
Why do we care?
Let’s call this what it is — the old ways of doing cybersecurity are done done done. Gartner’s saying half of all cyber budgets will go to prevention, not detection, by 2030. And I’d argue that’s too slow.
Because guess who’s already using AI to scale up attacks? Criminals. OpenAI just took down 40+ malicious networks using GPT to craft phishing, write malware, and do creepy surveillance stuff. So yeah, this is happening right now.
Then Datadog drops a stat: 40% of orgs are now using data perimeters — locking down who can access what and from where. And 86% are running multi-account setups in AWS. Translation? Security isn’t about firewalls anymore — it’s about architecture.
And here’s the kicker: DHS just reassigned hundreds of cyber experts to immigration enforcement. That includes people from CISA — the team tasked with defending critical U.S. networks. If you’re not worried, you’re not paying attention.
So what do you do?
– Shift to preemptive tools — block bad behavior, don’t just log it.
– Get smart on cloud security — perimeters, IAM, automation.
– Train your users — AI-powered phishing is way better than before.
– And assume you’re on your own. Government support just got weaker.
Cyber’s not a checkbox anymore. It’s your core product. Treat it that way.