AI systems, like other software systems, face a range of security threats. These issues may arise from inherent weaknesses in the design of AI algorithms, the data used to train the models, or the operational context. Specific examples include:
Toolchain and dependency vulnerabilities that arise unintentionally through the use of automated code-generation tools (e.g., GitHub Copilot), languages and libraries (e.g., Python, OpenCV), deep learning frameworks (e.g., TensorFlow, PyTorch), or through complex interdependencies in the development environment.
External tool and API integration into AI system applications can compromise the trustworthiness and privacy of those systems, because the integrated tools may be unreliable or susceptible to adversarial control.
Security vulnerabilities in physical and network infrastructure, such as vulnerabilities in graphics processing units (GPUs) or susceptibility to sophisticated attacks like side-channel and Rowhammer attacks, can lead to unauthorized access to or manipulation of model parameters during the training of AI systems. The use of distributed network systems to train AI systems such as LLMs exposes them to network-specific threats like pulsating attacks or congestion.
Direct manipulation of AI systems through adversarial attacks and instruction-based attacks. Adversarial attacks focus on altering the model's learning process or extracting its data; they include perturbations designed to deceive models into producing incorrect outputs, extraction attacks to steal model insights, and poisoning attacks to alter model behavior. Instruction-based attacks manipulate the way the model handles and responds to inputs: attackers deliberately craft prompts to induce models to produce biased or unsafe outputs (a.k.a. 'jailbreaking'). This manipulation directly targets the operational aspects of AI systems with the intent to cause harm.
Excerpt from the MIT AI Risk Repository full report
Vulnerabilities that can be exploited in AI systems, software development toolchains, and hardware, resulting in unauthorized access, data and privacy breaches, or system manipulation causing unsafe outputs or behavior.
[Figure: incident volume relative to governance coverage; each dot is one of 24 subdomains]
Entity: who or what caused the harm
Intent: whether the harm was intentional or accidental
Timing: whether the risk is pre- or post-deployment
Security researchers at Wiz discovered a database misconfiguration in Moltbook, an AI agent social network, that exposed 35,000 email addresses, thousands of private messages, and 1.5 million API tokens within 3 minutes of attempting access.
Developers: Moltbook
Deployers: Moltbook, Moltbook Platform Operators
Malicious actors compromised the Nx build system through a supply chain attack that used AI coding assistants (Claude, Gemini, and Amazon Q) to conduct reconnaissance and exfiltrate sensitive data from developer machines.
Developers: Anthropic, Google, Amazon
Deployers: Malicious actors compromising Nx's CI/CD pipeline and publishing tainted npm packages
The Tea dating app, designed to help women share safety information about potential male dating partners, suffered a data breach that exposed 72,000 images including users' government IDs, selfies, and direct messages to hackers who posted the data on 4chan.
Developers: Tea Dating Advice
Deployers: Tea Dating Advice
AI systems that fail to perform reliably or effectively under varying conditions, exposing them to errors and failures that can have significant consequences, especially in critical applications or areas that require moral reasoning.
324 shared governance docs
Inadequate regulatory frameworks and oversight mechanisms that fail to keep pace with AI development, leading to ineffective governance and the inability to manage AI risks appropriately.
304 shared governance docs
Challenges in understanding or explaining the decision-making processes of AI systems, which can lead to mistrust, difficulty in enforcing compliance standards or holding relevant actors accountable for harms, and the inability to identify and correct errors.
251 shared governance docs
AI developers or state-like actors competing in an AI ‘race’ by rapidly developing, deploying, and applying AI systems to maximize strategic or economic advantage, increasing the risk they release unsafe and error-prone systems.
242 shared governance docs
Authorizes the Secretary of Defense to establish AI Institutes focused on national security. Directs support for interdisciplinary AI research, partnerships, innovation ecosystems, and workforce development.
Facilitates integration of commercial AI for logistics into two Department of Defense exercises in 2026. Directs the Secretary of Defense to brief Congress on exercise specifics and AI integration impact on readiness and operations.
Encourages the Secretaries of Defense, Army, Navy, and Air Force to use AI for auditing financial statements. Requires the Director of the Chief Digital and AI Office to oversee AI adoption for financial management, coordinating with relevant defense officials.