AI as a double-edged sword
AI adoption is accelerating fast - driven by large language models (LLMs), autonomous agents, and deep integration into business processes. As value increases, so does the attack surface. AI security is therefore becoming a strategic priority for organizations.
While the public debate often centers on models like ChatGPT or Claude, the real productivity leap is happening in agent-based systems: AI agents execute tasks independently, call APIs, communicate with each other, and make operational decisions. This is also where a new - and still underestimated - attack surface emerges. In complex environments, AI systems can develop emergent goals that are unexpected, yet logically follow from their algorithms and original objectives.
A key shift is becoming clear: one of the largest risks is not sophisticated attacks against AI systems, but everyday usage. Before AI-enabled workflows or agents are targeted, sensitive information often leaves organizations through seemingly harmless, uncontrolled prompts in public AI tools.
And this is not limited to browser usage. In many companies, employees or business units integrate AI via APIs directly into applications. Without clear API security controls, additional attack vectors emerge - often invisible to traditional security tooling.
At the same time, targeted attacks against AI systems are increasing. As LLMs and agents become decision points in workflows, they turn into attractive targets - especially in cloud environments. AI security is an interdisciplinary field focused on preventing accidents, misuse, and other harmful consequences of AI systems.
The most underestimated risk: Unreviewed AI use in daily work
A typical scenario: a consulting firm is preparing a proposal for a large enterprise customer. The document is under NDA and contains sensitive information - pricing, internal delivery models, strategic assumptions. To save time, an employee copies sections into a public AI tool to “polish the language” or summarize it.
What is well-intended can, in the worst case, become a major case of information leakage. Many free AI services store prompts - whether for training, analytics, or quality assurance. Without an enterprise agreement or explicit opt-out, an organization has limited control over retention, processing location, and whether the data could later surface in responses to third parties.
This is not hypothetical. Contract drafts, HR data, source code, architecture diagrams, or API keys regularly end up in public LLMs - often without security or legal teams noticing. Usage happens in the browser, outside classic IT controls, and is neither logged nor monitored.
The consequences can be severe: violations of GDPR and the Swiss nFADP, breaches of contractual confidentiality obligations, and significant reputational damage - because once data has left, it cannot be recalled, even if internal use is later restricted.
In short: uncontrolled AI usage is already one of the most frequent causes of unintended data leakage in knowledge-intensive organizations - and still widely underestimated.
Top 5 AI attack vectors in 2025
Beyond risks from uncontrolled usage, 2025 has put targeted attacks on AI systems, models, and APIs firmly on the agenda. These attacks vary in intent: adversaries use AI systems to bypass controls, steal data, or trigger misbehavior - while defenders increasingly deploy AI to detect and mitigate threats earlier. In modern AI application environments, API attacks, prompt injection, and identity abuse are among the most common threats.
#1: VePrompt injection (direct / indirect)
#2: Data exfiltration via agents
#3: AI-powered reconnaissance and phishing
#4: API and identity attacks
#5: Agent-to-agent prompt injection (Agent2Agent)
What organizations can do: securing AI systems effectively
AI security requires protecting both the AI systems and the people using them. Since AI applications, LLMs, agents, and APIs introduce new attack surfaces, a layered approach is most effective:
Build transparency (AI inventory)
Establish clear policies and governance
Secure identities and permissions
Implement runtime controls
Train employees
Apply continuous validation and monitoring
With the right combination of transparency, governance, technical controls, and awareness, organizations can significantly reduce the AI attack surface - without limiting productive AI adoption.
How Consulteer InCyber can support
Consulteer InCyber supports organizations with end-to-end AI security - from securing AI systems and APIs to strategic advisory on governance, compliance, and modern security architectures. With our Managed SASE and Managed WAAP services, we secure both access to AI services and the back ends, APIs, and agent workflows - together with our partners Wallarm and Cato Networks.
We also provide focused advisory to build governance structures, identify risks such as shadow AI and agent exposure, and implement policies, security requirements, and compliance standards. In addition, we support training and awareness programs - so employees and processes remain protected in daily operations.
As a Swiss cybersecurity specialist, we combine SASE, IAM, web, API, and AI security to enable responsible, compliant AI adoption - without productivity trade-offs.
Contact us for a non-binding initial conversation on AI security.
