Hackers Are Now Farming Your AI: 91,000+ Attacks Against GenAI Deployments
Security researchers have revealed that real-world attackers are actively targeting production AI systems, recording more than 91,000 attack sessions against deployed generative AI apps and infrastructure. The data shows everything from prompt injection and data exfiltration attempts to direct exploitation of backing APIs and cloud resources behind AI features.
The research breaks down live traffic hitting AI deployments and shows that a significant share of requests are clearly malicious, including attempts to override safety guardrails, steal proprietary training data, scrape embeddings, and pivot into connected systems via exposed model endpoints. Many of these attacks go after the glue around AI – vector databases, API keys, plugins, orchestration layers, and model gateways – not just the LLM itself.
Vendors and cloud providers are starting to ship concrete defenses aimed specifically at these threats: model firewalls to classify and block risky prompts and outputs; AI-specific WAF rulesets; and telemetry that tags traffic as benign, probing, or clearly hostile. Some platforms now expose detailed policies around prompt injection, cross-tenant data leakage, training data exposure, tool abuse, and sensitive-data exfiltration, treating AI pipelines like high-risk microservices rather than “just another feature.”
For developers, this is the wake-up call: if you’ve wired an LLM into your app, you are now running an internet-facing security surface, even if the UI looks like a harmless chat box. That means you need environment separation for AI components, strict outbound allowlists for tools/functions, short-lived credentials for anything the model can call, and logging that can reconstruct a full conversation plus every downstream action it triggered. Threat modeling has to include prompts, system messages, tools, and data flows, not just HTTP endpoints.
The takeaway is simple: AI features are no longer “experimental toys” — they’re high-value targets with real adversaries and real exploitation patterns. If your app uses generative AI in production, you need to treat it like any other critical service: patch fast, lock down secrets, validate every tool call, and put guardrails and monitoring in front of — and behind — your models.
