Hey everyone!

Our first Hackers Club meetup took place recently and was conducted on Russian. My colleague Kostya, a Principal Engineer at EPAM, and I dove into the dynamic world of cybersecurity, forecasting key trends for 2025 and discussing necessary preparations. The discussion was very insightful, and I’d like to share the main points and conclusions here on the blog.

2025: The Era of AI Agents and New Security Challenges

One of today’s central topics is undoubtedly generative artificial intelligence. As Kostya aptly noted during his presentation, “Generative AI is currently at the peak of hype.” But behind this excitement lie real technological shifts: AI agents are becoming increasingly autonomous and functional. Imagine an AI capable of independently booking trips and interacting with external services and databases. Convenient? Absolutely. However, for security specialists, this signifies the emergence of entirely new attack vectors and potential risks.

We are already observing incidents involving the hacking of public AI bots, leading to both amusing situations and significant financial losses for companies. As the capabilities of such agents expand, the level of risk will only increase.

Furthermore, the concept of “wipe coding”—developing applications with minimal human involvement, where AI handles the bulk of the work—is gaining popularity. This is promising, but it raises a critical question: Who is responsible for the security of machine-generated code, especially if the user doesn’t fully understand all its intricacies? This presents a serious challenge for the industry.

A New Level of Social Engineering and Threats to Biometrics

While traditional social engineering methods required considerable effort and ingenuity, AI elevates them to a fundamentally new level. The ability to generate photos and videos and synthesize voices from short samples—literally just a few seconds of audio—makes phishing and impersonation attacks much more convincing and difficult to detect. Under these conditions, even technologies like voice authentication could be compromised.

From Theory to Practice: Where to Develop Ethical Hacking Skills?

Theoretical knowledge is important, but in cybersecurity, practical application is crucial. So, where can you gain this experience? We focused on platforms like TryHackMe and Hack The Box.

  • TryHackMe: An excellent starting point for beginners. The platform offers structured learning modules, tasks of varying difficulty, and opportunities for teamwork. As I mentioned, “TryHackMe is primarily a platform that allows you to learn.”
  • Hack The Box: Here, according to Kostya, you’ll experience “more free-roaming.” You are given a virtual machine, and your task is to compromise it. This requires more independence and an existing knowledge base, but it closely simulates real-world scenarios.

For me personally, participating in CTFs (Capture The Flag) and learning on these platforms is an engaging process that provides tangible skills and experience. The community also plays a vital role: thematic channel and chat on Telegram, along with collaborating on tasks, are highly motivating and facilitate knowledge sharing.

Hardware Threats: Beyond Software

Think your secure laptop is an impenetrable fortress? The system itself might be protected, but what about peripheral devices? We discussed examples where compromise occurs through connected hardware. Remember the photos of Mark Zuckerberg with tape over his webcam and microphone—that’s not mere paranoia.

And what about USB cables? Imagine a cable identical to a regular charging cable but containing a malicious chip for remote access (“looks like Apple, but with a transmitter…,” as I cited an example). Such devices exist. This means, as Kostya rightly pointed out, “now you can’t just walk up to a stranger and ask for a charger.” Public charging stations also pose potential risks. Gadgets like the Flipper Zero have made hardware hacking more accessible and clearly demonstrated the vulnerabilities of everyday devices.

  • Practical tip: Use a USB Data Blocker (an adapter that only allows power transfer) if you need to charge your device from an unknown source.

What Awaits Us? The AI Race and the Need for Continuous Learning

The future of cybersecurity will largely be defined by the confrontation and interaction with AI. Artificial intelligence is already being used to automate penetration testing, find vulnerabilities, and even create exploits. Predictions (e.g., ai-2027.com) suggest that by 2027, a significant portion of AI applications will be developed using other AIs.

Does this mean the role of humans in cybersecurity will diminish? I don’t think so. Rather, the nature of the tasks will evolve. As I put it during the meetup: “Hacking will be done by humans plus AI, while coding will be done more by AI plus humans.” Routine operations will be automated, but creativity, critical thinking, understanding context, and making strategic decisions will remain the domain of specialists.

We shouldn’t forget the fundamentals either, like the OWASP Top 10—the list of the most common web application vulnerabilities. Importantly, this list is also evolving and already includes risks specific to large language models (LLMs) and AI.

The key takeaway from our discussion, which I want to share, is: Security is a continuous process, not a final destination. Technologies, threats, attack methods, and defenses are constantly changing. AI, cloud environments, and new vectors all require continuous learning, adaptation, and skill improvement. As Kostya aptly noted, “Security is always a game of defense versus attack,” and building effective defenses requires a deep understanding of attackers’ methods.

In Conclusion

Our meetup confirmed once again: cybersecurity is transforming from a niche discipline into a critical competency for a wide range of IT professionals. AI is actively reshaping the threat landscape, social engineering is becoming increasingly sophisticated, and risks can lurk even where least expected (like in an ordinary USB cable).

This isn’t a cause for alarm, but rather a stimulus for action and development. Learn new technologies, practice actively (thankfully, platforms like TryHackMe and Hack The Box make this accessible), participate in CTF competitions, share experiences in professional communities, and stay informed about current threats. Your awareness and practical skills are the foundation of digital security.

I hope this overview of the key points from the meetup was useful. I’d be happy to continue the discussion in our Telegram chat!

Hey everyone! Our first Hackers Club meetup took place recently. My colleague Kostya, a Principal Engineer from EPAM, and I dove into the dynamic world of cybersecurity, trying to forecast the main trends for 2025 and discuss what we should prepare for. The discussion was very insightful, and I’d like to share the key points and conclusions here on the blog.

2025: The Era of AI Agents and New Security Challenges

One of the central topics today is undoubtedly generative artificial intelligence. As Kostya accurately noted during his presentation, “generative AI is currently at the peak of hype.” But behind this excitement are real technological shifts: AI agents are becoming increasingly autonomous and functional. Imagine an AI capable of independently booking trips, interacting with external services and databases. Sounds convenient? Absolutely. However, for security specialists, this means the emergence of entirely new attack vectors and potential risks.

We are already observing incidents involving the hacking of public AI bots, leading to both amusing situations and real financial losses for companies. As the capabilities of such agents expand, the level of risk will only increase.

Furthermore, the concept of “wipe coding” – developing applications with minimal human involvement, where AI does the bulk of the work – is gaining popularity. This is promising, but it raises an important question: who is responsible for the security of machine-generated code, especially if the user doesn’t fully understand all its aspects? This is a serious challenge for the industry.

A New Level of Social Engineering and Threats to Biometrics

While traditional social engineering methods required significant effort and ingenuity, AI takes them to a fundamentally new level. The ability to generate photos, videos, and synthesize voices from short samples, literally just a few seconds of audio, makes phishing and impersonation attacks much more convincing and difficult to detect. Under these conditions, even technologies like voice authentication could be compromised.

From Theory to Practice: Where to Develop Ethical Hacking Skills?

Theoretical knowledge is important, but in cybersecurity, practice is crucial. So, where can you get it? We focused on platforms like TryHackMe and Hack The Box.

  • TryHackMe: A great starting point for beginners. The platform offers structured learning modules, tasks of varying difficulty, and opportunities for teamwork. As I mentioned, “TryHackMe is primarily a platform that allows you to learn.”
  • Hack The Box: Here, according to Kostya, you’ll experience “more free-roaming.” You are given a virtual machine, and your task is to compromise it. This requires more independence and an existing knowledge base, but it closely simulates real-world scenarios.

For me personally, participating in CTFs (Capture The Flag) and learning on these platforms is an engaging process that provides real skills and experience. The community also plays a very important role: thematic channel and chat on Telegram, collaborating on tasks – all this is highly motivating and facilitates knowledge sharing.

Hardware Threats: Not Just Software

Think your secure laptop is an impenetrable fortress? The system itself might be protected, but what about peripheral devices? We discussed examples where compromise occurs through connected hardware. Remember the photos of Mark Zuckerberg with tape over his webcam and microphone – that’s not just paranoia.

And what about USB cables? Imagine a cable that looks identical to a regular charging cable but contains a malicious chip for remote access (“looks like Apple, but with a transmitter…”, as I cited an example). Such devices exist. And this means, as Kostya rightly pointed out, “now you can’t just walk up to a stranger and ask for a charger.” Public charging stations also pose potential risks. Gadgets like the Flipper Zero have made hardware hacking more accessible and clearly demonstrated the vulnerabilities of everyday devices.

  • Practical tip: Use a USB Data Blocker (an adapter that only allows power transfer) if you need to charge your device from an unknown source.

What Awaits Us? The AI Race and the Need for Continuous Learning

The future of cybersecurity will largely be defined by the confrontation and interaction with AI. Artificial intelligence is already being used to automate penetration testing, find vulnerabilities, and even create exploits. There are predictions (e.g., ai-2027.com) that by 2027, a significant portion of AI applications will be developed using other AIs.

Does this mean the role of humans in cybersecurity will diminish? I don’t think so. Rather, the nature of the tasks will change. As I put it during the meetup: “hacking will be done by humans plus AI, while coding will be done more by AI plus humans.” Routine operations will be automated, but creativity, critical thinking, understanding context, and making strategic decisions will remain the domain of specialists.

We shouldn’t forget the fundamentals either, like the OWASP Top 10 – the list of the most common vulnerabilities. Importantly, this list is also evolving and already includes risks specific to large language models (LLMs) and AI.

The key takeaway from our discussion, which I want to share, is: security is a continuous process, not a final destination. Technologies, threats, attack methods, and defenses are constantly changing. AI, cloud environments, new vectors – all require continuous learning, adaptation, and skill improvement. As Kostya rightly noted, “Security is always a game of defense vs attack,” and building effective defenses requires a deep understanding of attackers’ methods.

In Conclusion

Our meetup once again confirmed: cybersecurity is transforming from a niche discipline into a critical competency for a wide range of IT professionals. AI is actively changing the threat landscape, social engineering is becoming increasingly sophisticated, and risks can lurk even where you least expect them (like in an ordinary USB cable).

This isn’t a cause for alarm, but rather a stimulus for action and development. Learn new technologies, practice actively (thankfully, platforms like TryHackMe and Hack The Box make this possible), participate in CTF competitions, share experiences in professional communities, and stay informed about current threats. Your awareness and practical skills are the foundation of digital security.

I hope this overview of the key points from the meetup was useful for you. I’d be happy to continue the discussion in our Telegram chat!