Mid-Year Report: AI Demonstrates Double-Edged Impacts in 2025
This summer, we’re checking in on our TechArena predictions for 2025 to see how they are holding up.
Today, TechArena correspondent Will Torresan sat down with Gina Rosenthal, founder and CEO of Digital Sunshine Solutions, to discuss what she got right in her predictions and what’s taken her by surprise.
Will: On the cybersecurity front, you mentioned ransomware gangs and hackers adopting AI for bigger payouts. What new attack vectors or defensive innovations have emerged that weren’t on your radar at the start of 2025?
FunkSec, an emerging ransomware gang, launched its data leak site (DLS) in 2024, offering custom ransomware to cybercriminals. Their ransomware encrypts all files on a user’s system, generates ransom notes, modifies system environments, and checks for admin/root privileges before execution.
According to CheckPoint Research (CPR), FunkSec is rapidly adding new features, though the code appears to be written by a less experienced developer. Interestingly, CPR notes that their public scripts and Rust source code include detailed comments in perfect English, suggesting the use of a large language model (LLM) to generate scripts and code.
Generative AI is also being leveraged to navigate networks and quickly identify vulnerabilities in a target’s infrastructure. Just as businesses use AI to enhance operations, bad actors are exploiting it to streamline the entire infection chain:
Phishing Emails: AI can mimic a company’s tone and language, enabling the creation of highly convincing phishing emails without requiring fluency in the target’s language.
Malicious Code: Generative AI can produce and refine malicious visual basic for applications (VBA) code, making it more sophisticated and harder to detect — no advanced coding skills required.
This highlights how generative AI is lowering the barrier for entry into cybercrime, enabling more sophisticated and scalable attacks.
Will: You warned about AI hustlers and predicted more sophisticated AI-washing. What’s the most egregious example you’ve encountered this year?
I’ll give an example wrapped in a positive highlight. The U.S. Securities and Exchange Commission (SEC) has made combating AI washing a key enforcement priority. The newly established Cybersecurity and Emerging Technologies Unit (CETU) is tasked with identifying fraud schemes involving false claims about AI capabilities.
One notable case, brought jointly by the SEC and Department of Justice (DOJ), involved the former CEO of Nate, Inc. The company raised $40 million for a shopping app marketed as AI-driven, enabling one-tap online purchases. In reality, contractors in the Philippines and Romania performed the work manually. By claiming their differentiation was AI, the company convinced investors of its potential to scale rapidly and achieve high profitability.
Details: DOJ and SEC Warning Against AI Washing
Will: You predicted continued infrastructure innovations to support AI in 2025. What breakthroughs in GPU, CPU, or storage technology have caught your attention this year?
The price wars! This LinkedIn post has great details about the NVIDIA – AMD GPU wars. NVIDIA has disrupted the cloud GPU ecosystem by creating a “neo-cloud” through partnerships with challengers like CoreWeave, Lambda, and Crusoe. By offering priority chip allocations, equity investments, and its DGX Cloud, NVIDIA has enabled these players to undercut hyperscalers (AWS, Google Cloud, Microsoft) on GPU-hour pricing.
In response, hyperscalers are testing AMD’s MI300X GPUs, which are priced at a fraction of NVIDIA’s H100 and optimized for AI workloads like vLLM inference. Whether AMD’s ROCm and Triton software stack can close the performance gap remains to be seen, but a price war is inevitable. Either AMD gains traction, or NVIDIA’s neo-cloud allies continue to siphon AI workloads, forcing hyperscalers to lower prices.
Will: What’s been the biggest AI development in 2025 that completely blindsided you — something that wasn’t even on your prediction radar?
I did not see a new organization in the Executive Office of the President reworking government agencies with junior workers and generative AI. There were some obvious fails from that exercise, in particular the allegations that 150-year-old individuals were claiming social security.
The explanation was simple but overlooked: the Social Security Administration’s (SSA’s) payment system, built on COBOL, lacks a native date type. Instead, dates are coded relative to a reference point. In the SSA’s implementation, missing or incomplete birth dates default to May 20, 1875. In 2025, anyone with a blank or incomplete date of birth would default to the 1875 date, displaying their age as 150 years old, as noted in a Wired article.
This highlights the risks of deploying AI without fully understanding the underlying data and systems, emphasizing the need for thorough due diligence before drawing conclusions.
Will: If you were writing predictions for 2026 right now, what would be your boldest prediction based on what you’ve observed in the first half of 2025?
I think we will see a massive disruptive incident, either caused by clever AI gangs, or the overconfidence of inexperienced employees emboldened by AI hype. Replacing seasoned staff with generative AI and untrained workers creates a volatile mix, like kindling waiting for a spark to ignite.
This summer, we’re checking in on our TechArena predictions for 2025 to see how they are holding up.
Today, TechArena correspondent Will Torresan sat down with Gina Rosenthal, founder and CEO of Digital Sunshine Solutions, to discuss what she got right in her predictions and what’s taken her by surprise.
Will: On the cybersecurity front, you mentioned ransomware gangs and hackers adopting AI for bigger payouts. What new attack vectors or defensive innovations have emerged that weren’t on your radar at the start of 2025?
FunkSec, an emerging ransomware gang, launched its data leak site (DLS) in 2024, offering custom ransomware to cybercriminals. Their ransomware encrypts all files on a user’s system, generates ransom notes, modifies system environments, and checks for admin/root privileges before execution.
According to CheckPoint Research (CPR), FunkSec is rapidly adding new features, though the code appears to be written by a less experienced developer. Interestingly, CPR notes that their public scripts and Rust source code include detailed comments in perfect English, suggesting the use of a large language model (LLM) to generate scripts and code.
Generative AI is also being leveraged to navigate networks and quickly identify vulnerabilities in a target’s infrastructure. Just as businesses use AI to enhance operations, bad actors are exploiting it to streamline the entire infection chain:
Phishing Emails: AI can mimic a company’s tone and language, enabling the creation of highly convincing phishing emails without requiring fluency in the target’s language.
Malicious Code: Generative AI can produce and refine malicious visual basic for applications (VBA) code, making it more sophisticated and harder to detect — no advanced coding skills required.
This highlights how generative AI is lowering the barrier for entry into cybercrime, enabling more sophisticated and scalable attacks.
Will: You warned about AI hustlers and predicted more sophisticated AI-washing. What’s the most egregious example you’ve encountered this year?
I’ll give an example wrapped in a positive highlight. The U.S. Securities and Exchange Commission (SEC) has made combating AI washing a key enforcement priority. The newly established Cybersecurity and Emerging Technologies Unit (CETU) is tasked with identifying fraud schemes involving false claims about AI capabilities.
One notable case, brought jointly by the SEC and Department of Justice (DOJ), involved the former CEO of Nate, Inc. The company raised $40 million for a shopping app marketed as AI-driven, enabling one-tap online purchases. In reality, contractors in the Philippines and Romania performed the work manually. By claiming their differentiation was AI, the company convinced investors of its potential to scale rapidly and achieve high profitability.
Details: DOJ and SEC Warning Against AI Washing
Will: You predicted continued infrastructure innovations to support AI in 2025. What breakthroughs in GPU, CPU, or storage technology have caught your attention this year?
The price wars! This LinkedIn post has great details about the NVIDIA – AMD GPU wars. NVIDIA has disrupted the cloud GPU ecosystem by creating a “neo-cloud” through partnerships with challengers like CoreWeave, Lambda, and Crusoe. By offering priority chip allocations, equity investments, and its DGX Cloud, NVIDIA has enabled these players to undercut hyperscalers (AWS, Google Cloud, Microsoft) on GPU-hour pricing.
In response, hyperscalers are testing AMD’s MI300X GPUs, which are priced at a fraction of NVIDIA’s H100 and optimized for AI workloads like vLLM inference. Whether AMD’s ROCm and Triton software stack can close the performance gap remains to be seen, but a price war is inevitable. Either AMD gains traction, or NVIDIA’s neo-cloud allies continue to siphon AI workloads, forcing hyperscalers to lower prices.
Will: What’s been the biggest AI development in 2025 that completely blindsided you — something that wasn’t even on your prediction radar?
I did not see a new organization in the Executive Office of the President reworking government agencies with junior workers and generative AI. There were some obvious fails from that exercise, in particular the allegations that 150-year-old individuals were claiming social security.
The explanation was simple but overlooked: the Social Security Administration’s (SSA’s) payment system, built on COBOL, lacks a native date type. Instead, dates are coded relative to a reference point. In the SSA’s implementation, missing or incomplete birth dates default to May 20, 1875. In 2025, anyone with a blank or incomplete date of birth would default to the 1875 date, displaying their age as 150 years old, as noted in a Wired article.
This highlights the risks of deploying AI without fully understanding the underlying data and systems, emphasizing the need for thorough due diligence before drawing conclusions.
Will: If you were writing predictions for 2026 right now, what would be your boldest prediction based on what you’ve observed in the first half of 2025?
I think we will see a massive disruptive incident, either caused by clever AI gangs, or the overconfidence of inexperienced employees emboldened by AI hype. Replacing seasoned staff with generative AI and untrained workers creates a volatile mix, like kindling waiting for a spark to ignite.
.png)
