Cybersecurity has never been more advanced – or more fragile. On paper, organizations have stronger tools, smarter automation, and more sophisticated frameworks than at any point in the past decade. Yet in practice, the gap between what we think we secure and what is actually happening inside our systems continues to widen.
It’s not because attackers have become superhuman. It’s because the environments we defend now shift faster than our validation methods.
Minor workflow changes, new automations, a refreshed interface, an AI assistant added to save employees time – each of these evolves the attack surface in ways we rarely pause to assess.
This tension – between fast-moving systems and slow-moving assurance – became especially visible at this year’s Cybersecurity & Data Protection Forum. The keynotes converged on a shared message:
Cyber risk in 2025 is shaped less by the attacks we fear and more by the assumptions we fail to test.
So let’s break down what these insights mean – and what security leaders can do to stay one step ahead.
Cyber Hill: The New Landscape Where Modern Risks Take Shape
One of the most striking moments at the Forum came from Boris Goncharov’s keynote, Cyber Hill — a guided walk through real incidents that demonstrate how today’s attacks come from new systems and tool weaknesses. The scenarios he presented highlighted something truly uncomfortable: modern breaches often stem from everyday tools behaving in ways we didn’t anticipate, or from trust mechanisms we assumed were safe.
1. Prompt Manipulation: When Hidden Instructions Shape System Behavior
As organizations adopt AI-generated code and automation to move faster, they also inherit logic they may not fully understand. Hidden prompts, unintended instructions, or subtle input manipulations can alter how a system behaves without ever touching traditional “vulnerabilities.”
This is not a niche concern – it is rapidly becoming a mainstream source of risk as businesses rely more heavily on AI to build workflows and applications. We explored this emerging risk in our recent article: When AI Codes Too Fast: The Security Risks of Vibe Coding
2. Browser-in-the-Browser Phishing: A Perfect Imitation of Trust
The second scenario focused on Browser-in-the-Browser (BitB) phishing – an attack so convincing it can deceive even seasoned professionals. By imitating the appearance of a legitimate browser window, complete with an authentic-looking URL bar, these attacks bypass the visual cues users rely on to make safe decisions.
Boris’s example underscored a difficult truth: when attackers control the interface, they control the perception of legitimacy. In a BitB attack, everything looks correct – until it’s not.
3. Zero Trust Bypass: When Helpful Tools Become High-Risk Gateways
The final scenario examined a Zero Trust bypass driven not by an exploit, but by a user’s unconscious reliance on automation.
In the example, an AI email assistant drafts and sends messages on behalf of the user. When a Zero Trust policy tries to block a suspicious outbound email, the user simply instructs the assistant to “resolve it.” The AI does exactly that – bypassing the safeguard.
Why? Because the assistant was granted more privileges than it needed, and because multi-agent AI systems make it nearly impossible to trace which component is performing which action.
This reflects a growing industry trend: in the rush to make AI tools work smoothly, many organizations strip away the very controls designed to protect them.
Cyber Hill’s message is unambiguous: new attack types are emerging faster than most organizations can see, let alone understand. Our assumptions are outdated, and the goal can no longer be to stop every threat – but to be ready for whatever emerges next, and to ensure we can recover quickly when the path turns against us.
You Can’t Stop Every Attack – But You Can Stop Being Unprepared
Cybersecurity has long relied on the belief that strong controls, strict access policies, and a reliable perimeter could keep organizations safe. That approach worked when systems changed slowly and attacks followed predictable patterns. But today’s environments evolve far faster than the protections designed to secure them.
Modern incidents rarely hinge on a single vulnerability. They emerge from small, untested changes – an updated workflow, a new integration, an over-permissioned automation. Attackers now exploit assumptions and behaviors just as often as they exploit code.
This is why prevention alone falls short. Security controls are static, but the systems they defend are in constant motion. A quiet configuration change can introduce risk without triggering alerts. An AI assistant can bypass a policy simply because a user asked it to. A forged interface can trick even trained professionals.
This is why readiness matters more than the illusion of perfect prevention. “No incidents detected” no longer means “no incidents exist,” especially when environments evolve far faster than the tests designed to secure them.
The real issue is not a shortage of tools or frameworks – it’s the absence of continuous visibility. And nowhere is this gap more evident than in the long stretches of untested change that most organizations carry without realizing it.
The Security Gap No One Talks About: 350 Days Without Testing
Despite how quickly modern systems evolve, most organisations still test their security only once a year. It’s a long-standing industry habit – part compliance requirement, part tradition – but it creates one of the biggest, least acknowledged risks in cybersecurity.
As Marko Simeonov, our CEO, highlighted during the Cybersecurity & Data Protection Forum, the real risk doesn’t emerge from a single major incident. It emerges from the constant stream of small changes introduced into environments every day.
“Every time you deploy, every time you update, every time you change something, every time your systems evolve, you are not closing that security gap – you are creating a bigger one. And this exposure window is the perfect target for malicious actors to exploit.”
When you validate your security posture only annually, you are effectively assuming that nothing critical will change for the next 350 days. Yet the reality is the opposite. Infrastructure shifts weekly. New features are deployed monthly. Third-party tools update automatically. Automations expand. Teams adopt new workflows without realizing the security consequences.
By the time the next penetration test arrives, the environment being assessed barely resembles the one validated a year earlier.
This mismatch leaves months of untested assumptions, and those assumptions become blind spots – places where attackers have far more clarity than defenders. As Marko noted, the issue isn’t just the long intervals between tests; it’s the false sense of stability those intervals create.
A security report quickly becomes outdated, but the confidence it gives often lingers far longer than the accuracy it represents. In a world where risk is continuous, testing cannot remain occasional.
The Shift to Continuous Penetration Testing
This is why the industry is moving decisively toward continuous penetration testing – a change Marko described as both overdue and unavoidable.
The traditional, once-a-year approach simply cannot keep pace with how fast modern environments evolve. What used to serve as a meaningful checkup has become, in many cases, a snapshot of a moment already gone.
Continuous validation represents a fundamentally different philosophy. Instead of treating security as an annual milestone, it integrates testing into the everyday operations of the organization. When a new feature is deployed, when a workflow changes, when permissions shift, when a new tool is adopted – validation follows.
This isn’t just about more frequent testing. It’s about maintaining visibility into how security posture changes over time. Continuous penetration testing uncovers the small gaps that collect between major reviews – gaps attackers count on and defenders often never detect.
And as Marko emphasized, this evolution reflects a broader maturity shift: from relying on static, preventive measures to continuously measuring, challenging, and strengthening security posture as it evolves.
Conclusion
Both keynotes at this year’s Cybersecurity & Data Protection Forum pointed to the same reality: modern risk isn’t defined by the rare, dramatic breach but by the constant, quiet evolution of the systems we rely on every day. The attack paths Boris illustrated in Cyber Hill and the operational gaps Marko exposed in his call for continuous testing reinforce a simple truth: you can’t stop every attack – but you can stop being unprepared.
Security in 2025 is no longer about perfect prevention. It’s about maintaining visibility in an environment that never stops changing. It’s about challenging assumptions, validating continuously, and ensuring that every update, integration, and automation is met with the same scrutiny as the systems they reshape.
At AMATAS, we are already moving in this direction.
We’ve introduced Continuous Penetration Testing to help organizations close the 350-day gap and understand their real security posture as it evolves – not just once a year. And as companies accelerate their adoption of AI, we are supporting them in doing so securely, ensuring that innovation does not come at the cost of new, unseen risks.
You can’t prevent everything. But you can be ready for anything.
Ready to understand your real exposure and strengthen your resilience? Book a meeting with our team and let’s discuss how we can support your journey.
