AI Security Challenges Emerging in Production Deployments
The article reports on AI security issues surfacing in real-world production deployments. The recurring problems are prompt injection, agents granted more permissions than their tasks need, and unsanctioned AI tools adopted by employees.
Why it matters
As AI systems become more widely deployed, the security challenges highlighted in this article could have significant business and operational impacts if not addressed proactively.
Key Points
- Prompt injection, agent permission issues, and unsanctioned AI tools are common security problems in production AI systems
- Attacks are exploiting basic security gaps, partly because AI makes it easier to find weaknesses faster
- Only a small portion of companies have dedicated AI security teams, and AI security is often not owned by the security organization
- Traditional security knowledge only goes so far; AI security requires specialized expertise
Details
The article examines data on AI security incidents from 2025 to the present, which suggests that many of the issues being discovered are not advanced attacks but basic security gaps: prompt injection through external data (documents, web pages, tickets and other content the model reads but nobody vetted), agents with overly permissive access to tools and data, and the proliferation of unsanctioned AI tools used by employees. In the incident data, prompt injection is a common issue in production AI deployments, and attacks exploiting these basic weaknesses have noticeably increased, partly because AI makes it easier for attackers to find such weaknesses faster.

The article also notes that only a small portion of companies have dedicated AI security teams, and in many cases AI security is not owned by the security organization at all. The challenge is that traditional security knowledge only gets you part of the way: the details of AI security differ enough that standard instincts and approaches do not fully apply. Frameworks and guidance for AI-specific security are emerging, but the number of people who can apply them effectively remains limited.