Germany Faces Critical Cybersecurity Vulnerabilities Amid Unapproved AI Usage in Public Sector

Germany's cybersecurity landscape in 2025 is marked by significant risks, as revealed in recent reports from the Bundesamt für Sicherheit in der Informationstechnik (BSI) and a Microsoft-commissioned survey. The BSI's annual report highlights a persistently tense IT security situation across the country, providing a detailed overview of ongoing cyber threats and vulnerabilities. Meanwhile, a Microsoft study exposes a critical security gap due to the widespread use of unapproved AI tools, known as 'shadow AI,' within federal authorities.

According to the Microsoft-Civey survey, 45% of federal employees use AI tools that haven't been officially approved. This practice raises concerns about data breaches and the exploitation of vulnerabilities in the public sector. The perception of cyber threats has intensified, with 63% of government decision-makers considering the threat level high, up from 57% last year, while 87% express worries about foreign cyberattacks targeting critical infrastructure. The general population echoes these concerns, with 67% perceiving AI misuse as a major security problem and 78% believing that critical infrastructure protection is insufficient.

Despite high alertness to these risks, only 43% of users take protective actions such as verifying AI providers or examining user ratings. A notable generational divide exists, as 82% of those aged over 65 feel poorly informed about AI, compared to 55% of younger individuals. Ralf Wigand, Microsoft Germany's National Security Officer, underscores the urgency of adopting vetted AI solutions supported by robust identity protection and automated defense systems.

The Microsoft Digital Defense Report 2025 further points out that public authorities are heavily targeted for cyberattacks, especially concerning digital identities and sensitive information. To enhance cybersecurity, experts recommend measures including enabling multi-factor authentication, utilizing strong passwords, maintaining software updates, and exercising caution with emails and embedded links.

These findings collectively highlight a critical need for improved cybersecurity strategies and greater awareness around AI utilization within Germany's public sector and beyond.