Nx: Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors

AI Security Gaps Expose Millions of Secrets as Traditional Frameworks Fall Short

In 2024 and 2025, a wave of AI-related breaches exposed critical vulnerabilities in security frameworks designed for traditional systems. High-profile incidents—including the compromise of the Ultralytics AI library in December 2024, malicious Nx packages leaking 2,349 credentials in August 2025, and ChatGPT vulnerabilities enabling unauthorized data extraction—highlighted a growing disconnect between established security controls and AI-specific threats.

These attacks resulted in 23.77 million leaked secrets in 2024 alone, a 25% increase from the previous year. Notably, the affected organizations had robust security programs, passed audits, and met compliance standards under frameworks like NIST CSF, ISO 27001, and CIS Controls. Yet, these frameworks, developed for conventional IT environments, failed to address AI-driven attack vectors.

Where Traditional Frameworks Fail

  1. Prompt Injection – Unlike SQL injection or XSS attacks, prompt injection manipulates AI systems using valid natural language, bypassing input validation controls that scan for syntax patterns.
  2. Model Poisoning – Attackers corrupt training data during authorized processes, evading integrity controls designed to detect unauthorized modifications.
  3. AI Supply Chain Risks – Pre-trained models, datasets, and ML frameworks introduce threats that traditional supply chain security controls (e.g., SBOMs, vendor assessments) cannot mitigate.

Real-World Impact

  • The Ultralytics breach involved malicious code injected into the build pipeline, slipping past dependency scans.
  • ChatGPT vulnerabilities allowed attackers to extract sensitive data through crafted prompts, despite strong network and access controls.
  • Malicious Nx packages exploited AI assistants to exfiltrate secrets, weaponizing legitimate functionality in ways existing controls did not anticipate.

The Compliance vs. Security Gap

While compliance remains essential, it no longer guarantees protection. IBM’s 2025 Data Breach Report found that AI-specific attacks take longer to detect due to a lack of established indicators of compromise. Meanwhile, Sysdig’s research revealed a 500% surge in cloud workloads running AI/ML packages in 2024, expanding the attack surface faster than defenses can adapt.

The Path Forward

Organizations must go beyond compliance by:

  • Implementing AI-specific controls (e.g., prompt validation, model integrity checks, adversarial robustness testing).
  • Updating incident response plans to address AI threats like prompt injection and model poisoning.
  • Conducting AI-specific risk assessments to identify blind spots in existing security programs.

Regulatory pressure is increasing, with the EU AI Act (2025) imposing fines up to €35 million or 7% of global revenue for violations. Yet, waiting for frameworks to catch up is not an option—proactive measures are critical as AI adoption accelerates. The threat landscape has evolved; security strategies must evolve with it.

Source: https://thehackernews.com/2025/12/traditional-security-frameworks-leave.html

Nx TPRM report: https://www.rankiteo.com/company/linx

"id": "lin1767038288",
"linkid": "linx",
"type": "Cyber Attack",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Artificial Intelligence/Software '
                                    'Development',
                        'name': 'Ultralytics',
                        'type': 'AI Library Provider'},
                       {'customers_affected': '2,349 credentials leaked',
                        'industry': 'Technology/Software Development',
                        'name': 'Nx Package Users',
                        'type': 'AI Development Tool Users'},
                       {'industry': 'Various',
                        'name': 'ChatGPT Users',
                        'type': 'AI Assistant Users'}],
 'attack_vector': ['Compromised Build Environment',
                   'Malicious AI Packages',
                   'Natural Language Input Manipulation',
                   'AI Development Pipeline Exploitation'],
 'data_breach': {'data_exfiltration': 'Yes (via malicious Nx packages and '
                                      'ChatGPT vulnerabilities)',
                 'number_of_records_exposed': '23.77 million secrets (2024)',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (PII, credentials, confidential '
                                        'business information)',
                 'type_of_data_compromised': ['GitHub Credentials',
                                              'Cloud Credentials',
                                              'AI Credentials',
                                              'User Conversation Histories',
                                              'Sensitive Business Data']},
 'date_publicly_disclosed': '2024-2025',
 'description': 'In December 2024, the Ultralytics AI library was compromised, '
                'installing malicious code for cryptocurrency mining. In '
                'August 2025, malicious Nx packages leaked 2,349 GitHub, '
                'cloud, and AI credentials. Throughout 2024, ChatGPT '
                'vulnerabilities allowed unauthorized extraction of user data '
                'from AI memory. These incidents highlight gaps in traditional '
                'security frameworks (NIST CSF, ISO 27001, CIS Controls) when '
                'defending against AI-specific threats like prompt injection, '
                'model poisoning, and AI supply chain attacks.',
 'impact': {'brand_reputation_impact': 'Potential erosion of trust in AI '
                                       'systems and affected organizations',
            'data_compromised': '23.77 million secrets leaked in 2024 (25% '
                                'increase from previous year)',
            'identity_theft_risk': 'High (exposure of GitHub, cloud, and AI '
                                   'credentials)',
            'legal_liabilities': 'Potential violations of EU AI Act (penalties '
                                 'up to €35M or 7% of global revenue)',
            'operational_impact': 'AI system manipulation, unauthorized data '
                                  'extraction, resource hijacking',
            'systems_affected': ['AI Libraries (Ultralytics)',
                                 'AI Development Tools (Nx Packages)',
                                 'AI Assistants (ChatGPT, Claude Code, Google '
                                 'Gemini CLI)']},
 'lessons_learned': 'Traditional security frameworks (NIST CSF, ISO 27001, CIS '
                    'Controls) are insufficient for AI-specific threats. AI '
                    'systems introduce attack surfaces (prompt injection, '
                    "model poisoning, AI supply chain) that don't map to "
                    'existing control families. Compliance does not equal '
                    'security for AI systems.',
 'motivation': ['Financial Gain (Cryptocurrency Mining)',
                'Data Theft',
                'AI System Manipulation'],
 'post_incident_analysis': {'corrective_actions': ['Implement AI-specific '
                                                   'security controls beyond '
                                                   'framework requirements',
                                                   'Develop AI security '
                                                   'expertise within security '
                                                   'teams',
                                                   'Update incident response '
                                                   'plans for AI-specific '
                                                   'scenarios',
                                                   'Proactively assess and '
                                                   'mitigate AI-specific '
                                                   'risks'],
                            'root_causes': ['Gaps in traditional security '
                                            'frameworks for AI-specific '
                                            'threats',
                                            'Lack of AI-specific security '
                                            'controls (prompt validation, '
                                            'model integrity verification)',
                                            'AI supply chain vulnerabilities '
                                            '(compromised build environments, '
                                            'malicious packages)',
                                            'Semantic nature of AI attacks '
                                            '(prompt injection, model '
                                            'poisoning) bypassing traditional '
                                            'controls']},
 'recommendations': ['Conduct AI-specific risk assessments separate from '
                     'traditional security assessments',
                     'Inventory AI systems in the environment to identify '
                     'blind spots',
                     'Implement AI-specific security controls (prompt '
                     'validation, model integrity verification, adversarial '
                     'robustness testing)',
                     'Build AI security expertise within existing security '
                     'teams',
                     'Update incident response plans to include AI-specific '
                     'scenarios (prompt injection, model poisoning)',
                     'Develop semantic DLP capabilities for unstructured AI '
                     'conversations',
                     'Validate pre-trained models, datasets, and ML frameworks '
                     'for integrity',
                     'Proactively address AI security gaps rather than waiting '
                     'for framework updates'],
 'references': [{'source': 'IBM Cost of a Data Breach Report 2025'},
                {'source': 'Sysdig Research (2024)'},
                {'source': 'EU AI Act'},
                {'source': 'NIST AI Risk Management Framework'}],
 'regulatory_compliance': {'regulations_violated': ['Potential EU AI Act '
                                                    'Violations']},
 'response': {'enhanced_monitoring': 'AI-specific monitoring for prompt '
                                     'injection and model behavior'},
 'title': 'AI Security Framework Gaps and Emerging Threats',
 'type': ['Supply Chain Attack',
          'Data Breach',
          'Cryptocurrency Mining',
          'Prompt Injection',
          'Model Poisoning'],
 'vulnerability_exploited': ['AI-Specific Attack Vectors (Prompt Injection, '
                             'Model Poisoning)',
                             'AI Supply Chain Weaknesses',
                             'Lack of AI-Specific Security Controls']}