What are the main AI security threats in 2025?

The primary threats are prompt injection (manipulating LLM behavior through crafted inputs), data poisoning (corrupting training data), model extraction (stealing model functionality), supply chain attacks (compromising third-party components), and AI-powered social engineering.

How is AI security different from traditional cybersecurity?

Traditional security deals with discrete flaws—a vulnerability exists or doesn't. AI security operates probabilistically where vulnerabilities emerge from learned behaviors and statistical patterns. You can't patch a vulnerability when the 'vulnerability' is how the model learned from data.

What frameworks exist for AI security assessment?

Key frameworks include MITRE ATLAS (adversarial threat landscape), OWASP LLM Top 10 (common LLM vulnerabilities), NIST AI RMF (risk management), and AATMF (adversarial AI threat modeling). These provide structured approaches to identifying and addressing AI risks.

AI Security Wiki

Q: What is AI security?

AI security encompasses practices, methodologies, and technologies used to protect artificial intelligence systems from adversarial manipulation, unauthorized access, and malicious exploitation. It differs from traditional security because AI systems learn from data rather than following explicit programming.

What Is AI Security?

AI security encompasses the practices, methodologies, and technologies used to protect artificial intelligence systems from adversarial manipulation, unauthorized access, and malicious exploitation. As AI systems become deeply embedded in critical infrastructure, financial services, healthcare, and national security applications, securing these systems has evolved from an academic curiosity into an operational imperative.

Unlike traditional software security, AI security must contend with systems that learn, adapt, and make decisions based on patterns in data rather than explicit programming logic. This fundamental difference creates entirely new attack surfaces. An attacker doesn't need to find a buffer overflow or SQL injection vulnerability—they can manipulate the model's behavior through carefully crafted inputs, poisoned training data, or exploitation of the model's learned assumptions.

The field sits at the intersection of machine learning, cybersecurity, and adversarial research. Practitioners must understand both how AI systems work internally and how attackers think about exploiting them.

Why This Wiki Exists

The AI security landscape is fragmented. Research papers are locked behind academic paywalls. Vendor documentation focuses on their specific tools. Blog posts vary wildly in quality and accuracy. Security teams trying to assess AI risks find themselves piecing together information from dozens of sources, many of which contradict each other.

This wiki provides a single authoritative reference—built by practitioners, grounded in real-world testing, and continuously updated as the threat landscape evolves.

Clear Definitions

Suitable for citation in reports and documentation

Technical Depth

Detailed coverage for security practitioners

Practical Examples

Real-world scenarios from production systems

Framework Mappings

Cross-references to MITRE ATLAS, OWASP

Navigating the Wiki

📚

Concepts

Foundational definitions and theoretical frameworks. Start here if you're new to AI security.

• Large Language Models

Attacks

Tactical techniques used to compromise AI systems. Each entry covers mechanism, detection, and examples.

• Indirect Prompt Injection

Defenses

Countermeasures, controls, and architectural patterns for securing AI systems.

The Threat Landscape in 2025

AI security threats have matured rapidly. What began as researchers demonstrating theoretical attacks has evolved into documented exploitation in production systems.

Prompt Injection

The defining vulnerability class for LLM-integrated applications. When applications pass untrusted content to language models, attackers can embed instructions that hijack model behavior. This isn't a bug that can be patched; it's an architectural challenge.

Supply Chain Attacks

Targeting AI systems through third-party models, datasets, and fine-tuning services. A compromised training dataset or backdoored model weights can persist through multiple downstream deployments.

Model Extraction

Threatens intellectual property of organizations with proprietary AI capabilities. Attackers can reconstruct model functionality through systematic querying, stealing months of training work through API access alone.

AI-Powered Attacks

Attackers now use AI systems to generate phishing content, discover vulnerabilities, and adapt attack strategies in real-time. The defender's challenge has grown exponentially.

Free Download

AI Security Taxonomy Poster (PDF)

Visual reference of AI attack vectors, defense patterns, and framework mappings.

Complete attack taxonomy visualization
Defense pattern quick reference
MITRE ATLAS mapping chart
OWASP LLM Top 10 crosswalk