In 2025, Artificial Intelligence (AI) systems are not only tools for productivity, automation, and advanced analyticsโthey have also become new attack vectors for cybercriminals. From data manipulation to direct model exploitation, the threat landscape is evolving as rapidly as AI itself. For professionals in cybersecurity, cyberdefense, and technology consulting, understanding these threats isnโt optionalโitโs strategic.
Main Attack Vectors for AI in 2025
What follows is an analysis of the primary types of cyberattacks currently being deployed against AI systems.
Data Poisoning
This type of attack aims to inject malicious examples into an AI modelโs training data, subtly altering its behavior in dangerous ways. It is especially critical for models that rely on open-source or crowd-sourced datasets, where attackers can manipulate inputs to introduce biases, backdoors, or deliberate errors. Without rigorous data filtering and validation, the model may learn corrupted information, underminingย the systemโs reliability and security in production environments.
Adversarial Examples
Adversarial attacks involve making slight, often imperceptible changes to an inputโwhether itโs an image, text, or audioโto mislead the model. These attacks have been proven effective with single-pixel changes in computer vision. In the physical world, attackers have developed printed patches or clothing with patterns designed to evade AI detection systems. These threats pose serious risks for video surveillance, autonomous vehicles, and any AI system that relies on perception for decision-making.
Model and Data Extraction
Attackers can replicate a model by repeatedly querying its API and reconstructing its logic (known as model stealing), or coax the model into revealing sensitive information from its training data (data leakage). This not only threatens the modelโs intellectual property but also the confidentiality of the information it has learned. Language models are particularly vulnerable to prompt engineering techniques, which can expose corporate data, source code, or personal information used during fine-tuning.
Evasion Attacks
Using adversarial generation and automated mutation techniques, attackers are now creating AI-powered polymorphic malware capable of evading detection by EDR or XDR solutions. The code changes dynamically with each execution, making it difficult to detect with static signatures. Additionally, attackers disguise malicious traffic within legitimate patterns to deceive behavior-based detection systems. These threats are already being traded on underground forums and complicate the response to phishing, ransomware, and spyware campaigns that integrate AI components.
Attacks on LLMs (Prompt Injection and Jailbreaks)
Large Language Models (LLMs) like ChatGPT, Claude, or Bard are vulnerable to malicious instructions hidden in prompts. Prompt injection can be direct (through explicit commands) or indirect (embedded in emails, documents, or websites). Techniques like jailbreaking allow attackers to bypass the modelโs ethical and security restrictions, leading to inappropriate outputs or the disclosure of private information. These attacks pose a growing risk to corporate virtual assistants and chatbots connected to internal data sources.
Vulnerabilities in AI infrastructure
Vulnerabilities in AI infrastructure
AI systems are not only vulnerable due to their design but also because of the environments in which they operate. Incidents like ShellTorch have shown how inference servers (such as TorchServe or TensorFlow Serving) can contain flaws like unsafe deserialization, insecure model loading, and privilege escalation. Attackers can embed malicious code in a model and compromise the entire system when itโs loaded. This makes it critical for IT teams to apply DevSecOps principles to the model supply chainโvalidating model integrity and securing MLOps pipelines.
Conclusion: AI Under Attack
Securing AI is not a choiceโitโs a necessity. Attacks on models are real, scalable, and profitable for adversaries. In response, companies like Teldat offer solutions that help businesses and public institutions face these risks with technology aligned to the highest standards of security, resilience, and visibility.ย In the cybersecurity world of 2025, AI is no longer just an allyโitโs also a target. And protecting it means protecting our digital future.
Teldat, with its native, distributed, and context-aware cybersecurity ecosystem, stands out as a key player in combating these threatsโensuring that AI continues to serve business interests, not work against them.