TechDogs-"Pillar Security's State Of Attacks On GenAI: 90% Of Successful Attacks Seen In The Wild Resulted In Leaked Sensitive Data"


Pillar Security's State Of Attacks On GenAI: 90% Of Successful Attacks Seen In The Wild Resulted In Leaked Sensitive Data

GlobeNewswire

On average AI attacks complete in just 42 seconds and include five interactions

TEL AVIV, Israel, Oct. 09, 2024 (GLOBE NEWSWIRE) -- Pillar Security, a pioneering company in GenAI security solutions, today released the industry’s first "State of Attacks on GenAI" research based on real-world analysis of more than 2,000 AI applications. In sharp contrast to earlier opinion and theoretical risk surveys, this data-driven research is based on Pillar's telemetry data derived from data interactions that occurred in production AI-powered applications over the past three months.

Key findings from the report include:

  • High Success Rate of Data Theft: 90% of successful attacks resulted in the leakage of sensitive data
  • Alarming Bypass Rate: 20 percent of jailbreak attack attempts successfully bypassed GenAI application guardrails
  • Rapid Attack Execution: Adversaries require an average of just 42 seconds to execute an attack
  • Minimal Interaction Needed: Attackers needed only five interactions on average with GenAI applications to complete a successful attack
  • Widespread Vulnerabilities: Attacks exploited vulnerabilities at every stage of interaction with GenAI systems, underscoring the critical need for comprehensive security measures
  • Increase in Frequency and Complexity: The analyzed attacks reveal a clear increase in both the frequency and complexity of prompt injection attacks, with users employing more sophisticated techniques and making persistent attempts to bypass safeguards as time progresses

"The widespread adoption of GenAI in organizations has opened a new frontier in cybersecurity," said Dor Sarig, CEO and co-founder of Pillar Security. "Our report goes beyond theoretical risks and, for the first time, shines a light on the actual attacks occurring in the wild, offering organizations actionable insights to fortify their GenAI security posture."

Highlights among the many other insights in the fact-filled report are:

  • Top Jailbreak Techniques, which include Ignore Previous Instructions (attackers direct AI systems to disregard their initial programming) and Base64 Encoding (malicious prompts encoded to evade security filters)
  • Primary Attacker Motivations are stealing sensitive data, proprietary business information and PII and circumventing content filters to produce disinformation, hate speech, phishing messages and malicious code, among others
  • A curated and detailed list analyzing the top attacks observed in real-world production AI apps
  • Looking Ahead to 2025, Pillar projects the evolution from chatbots to copilots and autonomous agents, alongside the proliferation of small, locally deployed AI models. This new era of AI adoption democratizes access but further expands attack surfaces, introducing additional security challenges for organizations.

"As we move towards AI agents capable of performing complex tasks and making decisions, the security landscape becomes increasingly complex," explained Sarig. "Organizations must prepare for a surge in AI-targeted attacks by implementing tailored red-teaming exercises and adopting a 'secure by design' approach in their GenAI development process."

The report emphasizes the inadequacy of traditional static security measures in the face of evolving AI threats. "Static controls are no longer sufficient in this dynamic AI-enabled world," added Jason Harrison, Pillar Security CRO. "Organizations must invest in AI security solutions capable of anticipating and responding to emerging threats in real-time, while supporting their governance and cyber policies."

Pillar’s complete research report on the State of Attacks on GenAI is available on their website.

For more information on AI Security, please visit https://www.pillar.security/resources/buyer-guide.

To schedule a demo, please visit https://www.pillar.security/get-a-demo.

About Pillar Security
Pillar Security provides a unified platform to secure the entire AI lifecycle from development through production to usage. The platform integrates seamlessly with existing controls and workflows, and provides proprietary risk detection models, comprehensive visibility, adaptive runtime protection, robust governance features and cutting-edge adversarial resistance. Pillar's detection and evaluation engines are continuously optimized by training on large datasets of real-world AI app interactions, providing the highest accuracy and precision of AI-related risks.

Contact:
Hadar Yakir
Head of Marketing, Pillar Security
hadar@pillar.security

First published on Thu, Oct 10, 2024
