We use cookies to improve user experience and analyze website traffic. By clicking “Accept“, you agree to our website's cookie use as described in our Privacy Policy.
PreferencesDecline AllAccept All

Your Cookie Preferences

We use different types of cookies to optimize your experience on our website. Click on the categories below to learn more about their purposes. You may choose which types of cookies to allow and can change your preferences at any time. Remember that disabling cookies may affect your experience on the website. You can learn more about how we use cookies by visiting our Privacy Policy.

Essential Cookies
Details

These cookies are necessary to the core functionality of our website and some of its features, such as access to secure areas.

Analytics and Customization Cookies
Details

These cookies collect information that can help us understand how our websites are being used. This information can also be used to measure effectiveness in our marketing campaigns or to curate a personalized site experience for you.

Advertising Cookies
Details

These cookies are used to enhance the performance and functionality of our websites but are nonessential to their use. However, without these cookies, certain functionality (like videos)may become unavailable.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Decline AllConfirm my Choices
Back

Essential Cookies

Provider: .providername.com

Name
Purpose
Type
Expires In
__cf_bm
Cloudflare places the cookie on end-user devices that access customer sites protected by Bot Management or Bot Fight Mode.
server_cookie
30 minutes

Provider: .providername.com

Name
Purpose
Type
Expires In
_tibcpv
Used to record unique visitor views of the consent banner.
http_cookie
1 year
Back

Analytics and Customization Cookies

Name
Purpose
Marketo Munchkin
Marketo's custom JavaScript tracking code, called Munchkin, tracks all individuals who visit your website so you can react to their visits with automated marketing campaigns.
Name
Purpose
Google Tag
The Google tag (gtag.js) is a single tag you can add to a website to use a variety of Google products and services (e.g., Google Ads, Google Analytics, Campaign Manager, Display & Video 360, Search Ads 360).
Back

Performance and Functionality Cookies

Name
Purpose
LinkedIn Insight
The LinkedIn Insight Tag is a snippet of JavaScript code that loads a small library of functions you can use to track Linkedin ad-driven visitor activity on your website.
Back

Advertising Cookies

Provider: .providername.com

Name
Purpose
Type
Expires In
__cf_bm
Cloudflare places the cookie on end-user devices that access customer sites protected by Bot Management or Bot Fight Mode.
server_cookie
30 minutes

Provider: .providername.com

Name
Purpose
Type
Expires In
_tibcpv
Used to record unique visitor views of the consent banner.
http_cookie
1 year

Al Security Risks

A taxonomy of the most common Al safety and security threats.

AI Security Necessitates a New Approach

The adoption of AI applications introduces an entirely new set of safety and security risks which differ from traditional cybersecurity challenges. Conventional approaches focus on protecting systems and data from unauthorized access and known vulnerabilities, but do not effectively secure the attack surface of AI applications and their underlying models. New algorithmic attack methodologies only add to this complexity because their patterns are dynamic and scalable.

AI application security necessitates a fundamentally new approach which considers threats to every stage of the AI lifecycle, from data poisoning and model backdoors to prompt injection and sensitive data leakage. We developed this taxonomy to educate organizations on the top risks to AI security today, complete with descriptions, examples, and mitigation techniques.
Risks at different points of the AI lifecycle
Alert/Risk logo
Alert/Risk logo
Alert/Risk logo
Alert/Risk logo
Alert/Risk logo
Alert/Risk logo
Learn where risk is introduced at different points of the Al lifecycle.

Top AI Security and Safety Risks

All Resources
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Production Risk
All Resources

Prompt Injection (Direct)

Direct prompt injections are adversarial attacks that attempts to alter or control the output of an LLM by providing instructions via prompt that override existing instructions. These outputs can include harmful content, misinformation, or extracted sensitive information such as PII or model instructions.

Impact:
Mitigation:

Input / output filtering

Standards:
MITRE ATLAS

AML.T0051.000 - LLM Prompt Injection: Direct

OWASP TOP 10 for LLM Applications

LLM01 - Prompt Injection

Production Risk
All Resources

Prompt Injection (Indirect)

Indirect prompt injection requires an adversary to control or manipulate a resource consumed by an LLM such as a document, website, or content retrieved from a database. This can direct the model to expose data or perform a malicious action like distribution of a phishing link.

Impact:
Mitigation:

Input / output filtering; sanitize data sources

Standards:
MITRE ATLAS

AML.T0051.001 - LLM Prompt Injection: Indirect

OWASP TOP 10 for LLM Applications

LLM01 - Prompt Injection

Production Risk
All Resources

Jailbreaks

A jailbreak refers to any prompt-based attack designed to bypass model safeguards to produce LLM outputs that are inappropriate, harmful, or unaligned with the intended purpose. With well-crafted prompts, adversaries can access restricted functionalities or data, and compromise the integrity of the model itself.

Impact:
Mitigation:

Input / output filtering; guardrails

Standards:
MITRE ATLAS

AML.T0054 - LLM Jailbreak

OWASP TOP 10 for LLM Applications

LLM01 - Prompt Injection

Production Risk
All Resources

Meta Prompt Extraction

Meta prompt extraction attacks aim to derive a system prompt which effectively guides the behavior of a LLM application. This information can be exploited by attackers and harm the intellectual property, competitive advantage, and reputation of a business.

Impact:
Mitigation:

Input / output filtering

Standards:
MITRE ATLAS

AML.T0051.000 - LLM Prompt Injection: Direct

Production Risk
All Resources

Sensitive Information Disclosure

Sensitive information disclosure refers to any instance where confidential or sensitive data such as PII or business records is exposed through vulnerabilities in an AI application. These privacy violations can lead to loss of trust and result in legal or regulatory consequences.

Impact:
Mitigation:

Input / output filtering; sanitize data sources

Standards:
OWASP TOP 10 for LLM Applications

LLM06 - Sensitive Information Disclosure

Production Risk
All Resources

Privacy Attack

A privacy attack refers broadly to any attack aimed at extracting sensitive information from an AI model or its data. This category includes model extraction, which recreates a functionally equivalent model by probing target model outputs, and membership inference attacks, which determine if specific data records were used for model training.

Impact:
Mitigation:

Data scrubbing; input / output filtering

Standards:
MITRE ATLAS

AML.T0024.000 - Infer Training Data Membership

AML.T0024.001 - Invert ML Model

AML.T0024.002 - Extract ML Model

OWASP TOP 10 for LLM Applications

LLM06 - Sensitive Information Disclosure

Development Risk
All Resources

Training Data Poisoning

Training data poisoning is the deliberate manipulation of training data in order to compromise the integrity of an AI model. This can lead to skewed or biased outputs, backdoor trigger insertions—malicious links, for example—and ultimately, a loss of user trust.

Impact:
Mitigation:

Sanitize training data

Standards:
MITRE ATLAS

AML.T0020 - Poison Training Data

OWASP TOP 10 for LLM Applications

LLM03 - Training Data Poisoning

Ready to learn more?

See why we’re the enterprise choice for AI application security.
Get a Demo