< Back
AI, AppSec, and Offensive Security: Penetration Testing Trends for 2025

Tags:

TCS BELUX Risk and threat evaluation
24 February 2025

AI, AppSec, and Offensive Security: Penetration Testing Trends for 2025

Thales Cyber Solutions

As cybersecurity threats grow more complex, penetration testing remains at the heart of offensive security. At Thales Cyber Solutions, we enhance traditional pentesting with AI-driven tools, advanced red teaming techniques, and modern application security practices. Our 2025 focus empowers organizations to proactively identify vulnerabilities, strengthen defenses, and stay ahead of evolving threats.

1. Purple Teaming

In 2025, the fusion of offensive and defensive security efforts through Purple Teaming is becoming more prominent. By fostering collaboration between red (offensive) and blue (defensive) teams, organizations can:

  • Enhance threat detection and response capabilities.
  • Share real-time insights to improve security postures.
  • Conduct continuous assessments that integrate defensive improvements based on offensive findings.

At Thales, we offer Purple Teaming engagements specifically designed to train blue teams to effectively detect red team activities and real-world advanced persistent threats (APTs). This approach leverages our combined expertise in offensive security, along with the capabilities of our robust Security Operations Center (SOC) and incident response services. By combining these strengths, we ensure that blue teams are not only reactive but also proactive in identifying and mitigating sophisticated threats.

Purple Teaming bridges the gap between identifying vulnerabilities and fortifying systems against real-world attacks, ensuring a holistic approach to cybersecurity. Our engagements are designed to cover a wide range of Tactics, Techniques, and Procedures (TTPs), ensuring comprehensive coverage aligned with the MITRE ATT&CK framework. This structured approach enables organizations to identify gaps in their detection and response capabilities, improving their ability to counter real-world threats effectively.

2. Threat-Led Penetration Testing (TLPT) and Red Teaming (TIBER)

In the context of the Digital Operational Resilience Act (DORA), there is a growing emphasis on Purple Teaming as it has become a mandatory phase in Threat-Led-Penetration Testing (TLPT) exercises. This regulatory requirement underscores the necessity of integrating offensive findings into defensive strategies, foresting a culture of continuous improvement and resilience.

Frameworks like TIBER (Threat Intelligence-Based Ethical Red Teaming) are also gaining traction across industries. These methodologies focus on simulating sophisticated, real-world cyber threats tailored to specific organizations, offering:

  • A realistic assessment of an organization's resilience against advanced persistant threats (APTs).
  • Insights into the effectiveness of current security measures and incident response protocols.
  • Alignment with regulatory and compliance standards, especially in critical sectors like finance and energy. This includes considerations related to the NIS 2 Directive, which enhances cybersecurity expectations across essential and important entities in the EU.

Thales Cyber Solutions qualifies as both a Threat Intelligence (TI) and Red Team (RT) provider, with extensive experience in the financial sector, including engagements with systemic banks. This dual qualification provides clients with deeper threat insights and more comprehensive testing, combining intelligence-driven threat modeling with real-world attack simulations for a holistic security assessment.

Moreover, the tests conducted by Thales have been supervised by local regulators, ensuring compliance with the highest industry standards. Leveraging this dual capability, we deliver bespoke red teaming engagements that reflect the evolving threat landscape.

3. AI in Offensive Security and Penetration Testing

Artificial Intelligence is transforming offensive security by enabling more sophisticated red teaming tactics and introducing new vulnerabilities in AI systems themselves. In 2025, organizations must address both the ffensive use of AI in cyberattacks and the critical need to secure AI models from exploitation.

Offensive AI Applications:

  • AI-Driven Phishing Attacks: Generating highly personalized phishing content at scale, increasing the likelihood of successful social engineering.
  • Advanced Red Teaming Tool Development: Utilizing AI to create sophisticated red teaming tools, including custom malware and advanced command-and-control (C2) communication channels, to simulate highly evasive threats.
  • Evasion Techniques: Employing AI to dynamically modify malware signatures and behaviors to bypass traditional detection mechanisms.
  • Exploitation of LLMs: Conducting advanced attacks on large language models (LLMs) through techniques such as prompt injection and jailbreak attacks to manipulate output or extract sensitive information.

Securing AI Models Against Attacks:

  • Adversarial AI: Understanding how threat actors can manipulate AI systems to bypass security controls.
  • AI-Augmented Threats: Recognizing how attackers use AI to automate and enhance cyberattacks.
  • LLM security Testing: Identifying vulnerabilities in AI models, especially in use cases like chatbots and retrieval-augmented generation (RAG) systems that handle sensitive internal information.

At Thales, our AI-focused penetration testing methodologies incorporate the OWASP Top 10 for LLM Applications and are aligned with ANSSI's security recommendations for generative AI systems. We also help organizations ensure compliance with emerging AI regulations, particularly the EU AI Act, ensuring that both offensive and defensive aspects of AI security are addressed comprehensively.

4. Application Security in Modern Development Environments

With the rapid evolution of software development practices, securing applications in modern development environments has become increasingly complex. In 2025, Application Security (AppSec) focuses on safeguarding a diverse range of development approaches, from cloud-native applications to low-code and no-code platforms.

Key focus areas include:

  • Securing Serverless Functions (e.g., AWS Lambda): Identifying and mitigating vulnerabilities in serverless environments, ensuring proper authentication, and managing permissions to prevent unauthorized access.
  • Microservices Security: Protecting microservices' architecture from inter-service communication vulnerabilities, ensuring secure APIs, and managing service-to-service authentication.
  • AI Endpoint Protection: Securing AI model endpoints from unauthorized access, data leakage, and exploitation through API abuse or adversarial inputs.
  • Low-Code/No-Code Application Security: As these platforms become more prevalent, they offer speed and flexibility but can inadvertently introduce vulnerabilities if not properly managed. Common vulnerabilities often stem from authorization issues, where improper access controls can lead to unauthorized data exposure or functionality access. We address risks by evaluating default configurations, securing third-party integrations, and ensuring that rapid development does not compromise application integrity.

Thales Cyber Solutions provides security assessments tailored to diverse development environments. Our methodologies embed security throughout the development lifecycle, ensuring that both cloud-native architectures and low-code applications are resilient against evolving threats.

At Thales Cyber Solutions, we equip clients with cutting-edge offensive security strategies to tackle emerging threats. In 2025, we refine our methodologies with AI innovations, regulatory-driven pentesting, and modern AppSec practices to keep organizations ahead of evolving cyber risks.

Contact Us

Discover more on this topic

cards image

CryptoLove Report