AI Security Threat Report
Known vulnerabilities and active threats facing enterprise AI deployments.
Last updated: Q2 2026
OWASP Top 10 for LLM Applications (2025)
1. LLM01:2025 Prompt Injection
Malicious inputs manipulate the model's behavior in unintended ways, including bypassing safety measures or accessing unauthorized functions.
2. LLM02:2025 Sensitive Information Disclosure
LLMs expose confidential data — PII, credentials, business data, or proprietary model details — through their outputs.
3. LLM03:2025 Supply Chain
Vulnerabilities in third-party models, datasets, plugins, or fine-tuning pipelines compromise the integrity of LLM applications.
4. LLM04:2025 Data and Model Poisoning
Training data is manipulated to introduce biases, backdoors, or degraded performance into the model.
5. LLM05:2025 Improper Output Handling
LLM outputs are passed to downstream systems without sufficient validation, enabling XSS, SQL injection, or remote code execution.
6. LLM06:2025 Excessive Agency
LLM agents are granted more permissions, functionality, or autonomy than necessary, enabling unintended or harmful actions.
7. LLM07:2025 System Prompt Leakage
System prompts containing sensitive configuration, credentials, or business logic are exposed to users or attackers.
8. LLM08:2025 Vector and Embedding Weaknesses
Vulnerabilities in RAG and embedding systems allow data poisoning, unauthorized access, or manipulation of model outputs.
9. LLM09:2025 Misinformation
LLMs produce false or misleading information that appears credible, leading to harmful decisions or legal risk.
10. LLM10:2025 Unbounded Consumption
Uncontrolled inference allows attackers to exhaust resources, incur excessive costs, or extract model behavior through repeated queries.
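The entries for Improper Output Handling (LLM05) and Excessive Agency (LLM06) share one defensive rule: model output is untrusted input to whatever consumes it. The following is an added example, not code from the OWASP document or from this report, showing that rule applied to the three downstream sinks LLM05 names: a browser (HTML-escape before rendering), a database (parameterized query so model text is bound as data) and a tool dispatcher (allowlisted tool names with per-argument validation, which is also the least-privilege control LLM06 calls for). The model response, the customer table, and the tool names `get_order_status` and `delete_all_orders` are all constructed for the example.

```python
import html
import re
import sqlite3

# Constructed sample of an untrusted model response that reaches each sink;
# this is not a real model output.
SAMPLE_MODEL_OUTPUT = {
    "summary": "Order shipped. <script>alert(document.cookie)</script>",
    "customer_name": "O'Brien'; DROP TABLE customers;--",
    "tool_call": {"name": "delete_all_orders", "args": {}},
}


def unsafe_render_summary(text: str) -> str:
    """The LLM05 'before' form: model text spliced straight into markup."""
    return "<p>" + text + "</p>"


def render_summary(text: str) -> str:
    """Sink 1 (browser): HTML-escape model text before it reaches a page."""
    return "<p>" + html.escape(text, quote=True) + "</p>"


def make_demo_db() -> sqlite3.Connection:
    """In-memory table (constructed) so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO customers (name) VALUES (?)", [("Alice",), ("O'Brien",)])
    return conn


def lookup_customer(conn: sqlite3.Connection, name: str) -> list:
    """Sink 2 (database): parameterized query; model text is bound, never concatenated."""
    return conn.execute("SELECT id, name FROM customers WHERE name = ?", (name,)).fetchall()


# Hypothetical tool allowlist: tool name -> {argument name: accepted pattern}.
ALLOWED_TOOLS = {"get_order_status": {"order_id": re.compile(r"^[A-Z]{2}\d{6}$")}}


def validate_tool_call(call: dict) -> tuple:
    """Sink 3 (tool dispatch): allowlist the tool and validate every argument.

    Returns the validated (name, args) pair or raises; nothing is executed here,
    so an unexpected tool name or argument never reaches a shell or API.
    """
    name = call.get("name")
    if name not in ALLOWED_TOOLS:
        raise PermissionError(f"tool not permitted: {name!r}")
    spec = ALLOWED_TOOLS[name]
    args = call.get("args", {})
    if set(args) != set(spec):
        raise ValueError(f"unexpected arguments for {name}: {sorted(args)}")
    for key, pattern in spec.items():
        value = args[key]
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise ValueError(f"invalid value for {key}: {value!r}")
    return name, dict(args)


def process_model_output(output: dict) -> dict:
    """Route one model response through all three sinks and record what was blocked."""
    conn = make_demo_db()
    result = {
        "html": render_summary(output["summary"]),
        "rows": lookup_customer(conn, output["customer_name"]),
        "tool": None,
        "blocked": [],
    }
    try:
        result["tool"] = validate_tool_call(output["tool_call"])
    except (PermissionError, ValueError) as exc:
        result["blocked"].append(str(exc))
    # The injection string matched no row instead of running as SQL; the table survives.
    result["customers_intact"] = conn.execute("SELECT COUNT(*) FROM customers").fetchone()[0]
    return result


if __name__ == "__main__":
    print(process_model_output(SAMPLE_MODEL_OUTPUT))
```

The design point is that none of the three functions tries to detect malicious model output; each sink simply refuses to interpret model text as code (markup, SQL, or a tool invocation), so the control holds whatever the model emits. Logging the `blocked` list gives a detection signal for prompt-injection attempts that reach the tool layer.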
Key Frameworks and Standards
NIST AI Risk Management Framework (AI RMF)
Voluntary US framework for managing AI risks across the full AI lifecycle. The most widely referenced standard for enterprise AI governance.
Applies to: Any organization developing or deploying AI
nist.gov/artificial-intelligence
ISO/IEC 42001:2023
International certifiable standard for AI Management Systems — the AI equivalent of ISO 27001. Increasingly required in enterprise procurement and vendor assessments.
Applies to: Any organization globally; particularly relevant for those already ISO-certified
iso.org/standard/81230.html
MITRE ATLAS
The adversarial threat and tactics framework for AI systems — the AI-specific equivalent of MITRE ATT&CK. Used by security teams to model, detect, and respond to AI-targeted attacks.
Applies to: Security teams, red teams, AI system architects
atlas.mitre.org
Applicability varies by industry, jurisdiction, and whether your organization builds or deploys AI. For compliance-specific guidance, see the Legislation page.