In 2025, Artificial Intelligence (AI) systems are not only tools for productivity, automation, and advanced analytics—they have also become new attack vectors for cybercriminals. From data manipulation to direct model exploitation, the threat landscape is evolving as rapidly as AI itself. For professionals in cybersecurity, cyberdefense, and technology consulting, understanding these threats isn’t optional—it’s strategic.

Main Attack Vectors for AI in 2025

What follows is an analysis of the primary types of cyberattacks currently being deployed against AI systems.

Data Poisoning

This type of attack aims to inject malicious examples into an AI model’s training data, subtly altering its behavior in dangerous ways. It is especially critical for models that rely on open-source or crowd-sourced datasets, where attackers can manipulate inputs to introduce biases, backdoors, or deliberate errors. Without rigorous data filtering and validation, the model may learn corrupted information, undermining  the system’s reliability and security in production environments.

Adversarial Examples

Adversarial attacks involve making slight, often imperceptible changes to an input—whether it’s an image, text, or audio—to mislead the model. These attacks have been proven effective with single-pixel changes in computer vision. In the physical world, attackers have developed printed patches or clothing with patterns designed to evade AI detection systems. These threats pose serious risks for video surveillance, autonomous vehicles, and any AI system that relies on perception for decision-making.

Model and Data Extraction

Attackers can replicate a model by repeatedly querying its API and reconstructing its logic (known as model stealing), or coax the model into revealing sensitive information from its training data (data leakage). This not only threatens the model’s intellectual property but also the confidentiality of the information it has learned. Language models are particularly vulnerable to prompt engineering techniques, which can expose corporate data, source code, or personal information used during fine-tuning.

Evasion Attacks

Using adversarial generation and automated mutation techniques, attackers are now creating AI-powered polymorphic malware capable of evading detection by EDR or XDR solutions. The code changes dynamically with each execution, making it difficult to detect with static signatures. Additionally, attackers disguise malicious traffic within legitimate patterns to deceive behavior-based detection systems. These threats are already being traded on underground forums and complicate the response to phishing, ransomware, and spyware campaigns that integrate AI components.

Attacks on LLMs (Prompt Injection and Jailbreaks)

Large Language Models (LLMs) like ChatGPT, Claude, or Bard are vulnerable to malicious instructions hidden in prompts. Prompt injection can be direct (through explicit commands) or indirect (embedded in emails, documents, or websites). Techniques like jailbreaking allow attackers to bypass the model’s ethical and security restrictions, leading to inappropriate outputs or the disclosure of private information. These attacks pose a growing risk to corporate virtual assistants and chatbots connected to internal data sources.

Vulnerabilities in AI infrastructure

Vulnerabilities in AI infrastructure
AI systems are not only vulnerable due to their design but also because of the environments in which they operate. Incidents like ShellTorch have shown how inference servers (such as TorchServe or TensorFlow Serving) can contain flaws like unsafe deserialization, insecure model loading, and privilege escalation. Attackers can embed malicious code in a model and compromise the entire system when it’s loaded. This makes it critical for IT teams to apply DevSecOps principles to the model supply chain—validating model integrity and securing MLOps pipelines.

Conclusion: AI Under Attack

Securing AI is not a choice—it’s a necessity. Attacks on models are real, scalable, and profitable for adversaries. In response, companies like Teldat offer solutions that help businesses and public institutions face these risks with technology aligned to the highest standards of security, resilience, and visibility.  In the cybersecurity world of 2025, AI is no longer just an ally—it’s also a target. And protecting it means protecting our digital future.

Teldat, with its native, distributed, and context-aware cybersecurity ecosystem, stands out as a key player in combating these threats—ensuring that AI continues to serve business interests, not work against them.