GenAI Security Risks
GenAI Security Risks in 2025: 7 Threats Your Security Team Cannot Afford to Ignore
Definition: GenAI (Generative AI) security risks refer to the specific cybersecurity threats, vulnerabilities, and risks that arise from the development, deployment, and use of generative artificial intelligence systems, including large language models (LLMs), AI-powered applications, and agentic AI systems. These risks span data exposure, adversarial manipulation, supply chain vulnerabilities, and the use of GenAI tools to enhance cyberattacks.
GenAI security risks differ fundamentally from traditional software vulnerabilities. Because generative AI models produce probabilistic, context-dependent outputs based on training data and user inputs, the attack surface includes not just code but the model itself, the data it was trained on, and the way users interact with it.
Why GenAI Creates a New Security Paradigm
Traditional application security focuses on finding and patching code vulnerabilities. You identify a bug, you fix it, you deploy the patch. The behavior of the application is deterministic: given the same input, it produces the same output.
GenAI systems break this model. Two similar prompts to the same model might yield very different outputs. The same model might refuse a request under normal conditions but comply if the request is framed differently. A model trained on data that included sensitive information might expose that information in generated outputs under certain conditions. These are not bugs in the traditional sense; they are emergent behaviors rooted in how generative AI works.
A 2025 McKinsey survey found that 88% of organizations now use AI in at least one business function. Yet only 24% of GenAI projects formally consider security, according to an IBM Institute for Business Value survey. Gartner predicts that by 2028, 25% of all enterprise GenAI applications will experience at least five minor security incidents per year, up from 9% in 2025.
The gap between adoption speed and security posture is the defining challenge of GenAI security right now.
The 7 Most Significant GenAI Security Risks
1. Prompt Injection Prompt injection occurs when an attacker manipulates the input to an AI model to override its intended behavior or extract sensitive information. In indirect prompt injection, malicious instructions are embedded in content that the AI is asked to process (a document, a web page, an email) rather than entered directly by the user. The AI treats the embedded instructions as legitimate commands.
The EchoLeak vulnerability (CVE-2025-32711) in Microsoft 365 Copilot demonstrated this risk at scale. Attackers used indirect prompt injection in a Copilot/RAG workflow to automatically exfiltrate data without any user interaction, a zero-click data exfiltration attack.
2. Data Leakage Through LLM Inputs When employees use public GenAI tools for work tasks, they often paste sensitive content into the prompt: customer data, internal strategy documents, source code, financial projections. Most public LLM providers use interaction data for model training or store it in ways that could expose it. Companies have seen internal data appear in LLM outputs long after employees submitted it as training context.
This risk exists for public LLMs. Organizations using private or enterprise AI deployments still need to manage what data flows into their AI systems and through what channels.
3. Training Data Poisoning Attackers can introduce malicious or misleading data into a model’s training dataset, causing the model to produce biased, incorrect, or attacker-controlled outputs. In enterprise contexts, fine-tuning models on internal data creates risk if that data can be manipulated before or during the fine-tuning process. A model trained on poisoned data may behave normally in most contexts while producing predictably incorrect outputs for specific inputs that only the attacker controls.
How to Manage GenAI Security Risks
- Establish AI governance policies. Define which AI tools are approved for use, what data can be processed through them, and what approval process applies to new AI deployments. Include AI usage in your acceptable use policy.
- Implement AI-aware DLP. Configure your DLP tools to detect and control the flow of sensitive data into AI applications and APIs. Some DLP platforms now include specific policies for GenAI interactions.
- Conduct AI security assessments. Before deploying any new AI application, assess it for data handling practices, prompt injection vulnerabilities, access controls, and data retention policies.
- Monitor AI usage. Visibility into what AI tools your employees use, and what data flows into them, is a prerequisite for risk management. API gateway monitoring and browser-based controls can provide this visibility.
- Apply least privilege to AI systems. Agentic AI systems should have only the permissions they need for their defined purpose. An AI assistant that can read your emails should not also have the ability to send emails on your behalf unless that is explicitly required and approved.
- Red-team your AI deployments. Adversarial testing of your AI systems, including prompt injection attempts and model behavior analysis, identifies vulnerabilities before attackers do.