AI systems, like other software systems, face a range of security threats. These issues may arise from inherent weaknesses in the design of AI algorithms, the data used to train the models, or the operational context. Specific examples include:
Toolchain and dependency vulnerabilities that arise unintentionally through the use of automated code-generation tools (e.g., GitHub Copilot, Python language, OpenCV), deep learning frameworks (e.g., TensorFlow, PyTorch), or as a result of complex interdependencies in the development environment.
External tool and API integration into AI system applications can compromise the trustworthiness and privacy of systems due to their potential unreliability or susceptibility to adversarial control.
Security vulnerabilities in physical and network infrastructure, such as vulnerabilities in graphics processing units (GPUs) or susceptibility to sophisticated attacks like side-channel and Rowhammer attacks, can lead to unauthorized access or manipulation of model parameters when used during training of AI systems. The use of distributed network systems for training AI systems such as LLMs exposes them to network-specific threats like pulsating attacks or congestion.
Direct manipulation of AI systems, such as adversarial attacks and instruction-based attacks. Adversarial attacks focus on altering the model's learning process or extracting its data. They include perturbations designed to deceive models into incorrect outputs, extraction attacks to steal model insights, and poisoning attacks to alter model behavior. Instruction-based attacks manipulate the way the model handles and responds to inputs. Attackers deliberately craft prompts to induce models to produce biased or unsafe outputs (a.k.a. 'jailbreaking'). This manipulation directly targets the operational aspects of AI systems with the intent to cause harm.
Excerpt from the MIT AI Risk Repository full report
Vulnerabilities that can be exploited in AI systems, software development toolchains, and hardware, resulting in unauthorized access, data and privacy breaches, or system manipulation causing unsafe outputs or behavior.
Incident volume relative to governance coverage; each dot is one of 24 subdomains
Entity: who or what caused the harm
Intent: whether the harm was intentional or accidental
Timing: whether the risk is pre- or post-deployment
An autonomous AI security testing agent successfully compromised McKinsey's internal AI platform Lilli within 2 hours, gaining full read and write access to the production database containing 46.5 million chat messages, 728,000 files, and 57,000 user accounts through an unauthenticated SQL injection vulnerability.
Developers: McKinsey & Company, Codewall
Deployers: McKinsey & Company, Codewall
Three Chinese AI labs (DeepSeek, Moonshot, and MiniMax) conducted large-scale distillation attacks against Anthropic's Claude model, using over 24,000 fraudulent accounts to generate 16+ million exchanges and extract capabilities for their own models.
Developers: Anthropic
Deployers: DeepSeek, Moonshot AI, MiniMax, Proxy Reseller Services
A software engineer using an AI coding assistant to reverse-engineer his DJI robot vacuum's communication system inadvertently gained access to live camera feeds, microphone audio, maps, and status data from nearly 7,000 other vacuums across 24 countries due to a backend security vulnerability.
Developers: DJI
Deployers: DJI
AI systems that fail to perform reliably or effectively under varying conditions, exposing them to errors and failures that can have significant consequences, especially in critical applications or areas that require moral reasoning.
341 shared governance docs
Inadequate regulatory frameworks and oversight mechanisms that fail to keep pace with AI development, leading to ineffective governance and the inability to manage AI risks appropriately.
323 shared governance docs
Challenges in understanding or explaining the decision-making processes of AI systems, which can lead to mistrust, difficulty in enforcing compliance standards or holding relevant actors accountable for harms, and the inability to identify and correct errors.
262 shared governance docs
AI developers or state-like actors competing in an AI ‘race’ by rapidly developing, deploying, and applying AI systems to maximize strategic or economic advantage, increasing the risk they release unsafe and error-prone systems.
256 shared governance docs
Authorizes the Secretary of Defense to establish AI Institutes focused on national security. Directs support for interdisciplinary AI research, partnerships, innovation ecosystems, and workforce development.
Facilitates integration of commercial AI for logistics into two Department of Defense exercises in 2026. Directs the Secretary of Defense to brief Congress on exercise specifics and AI integration impact on readiness and operations.
Encourages the Secretaries of Defense, Army, Navy, and Air Force to use AI for auditing financial statements. Requires the Director of the Chief Digital and AI Office to oversee AI adoption for financial management, coordinating with relevant defense officials.