Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors

These articles are AI-generated summaries. Please check the original sources for full details.

Where Traditional Frameworks Stop and AI Threats Begin

In December 2024, the Ultralytics AI library was compromised, installing malicious code for cryptocurrency mining, and in August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. These incidents demonstrate that even organizations with robust security programs are vulnerable to AI-specific attacks.

Traditional security frameworks, while effective for conventional systems, fall short when applied to AI because the attack surfaces and attack methods are fundamentally different. In 2024, 23.77 million secrets were leaked through AI systems, a 25% increase over the prior year, indicating a growing and significant threat.

Why This Matters

Existing security frameworks like NIST CSF, ISO 27001, and CIS Controls were designed for a different threat landscape and lack specific guidance on AI vulnerabilities. This leaves organizations with a false sense of security, as compliance doesn’t guarantee protection against novel attacks like prompt injection and model poisoning, potentially leading to substantial data breaches and financial losses.

Key Insights

  • 23.77 million secrets leaked: The total number of secrets compromised through AI systems in 2024.
  • Prompt Injection: Attacks that use natural language input to bypass security controls; traditional input validation, which checks syntax rather than intent, does not catch them.
  • Model Poisoning: A data-level attack that corrupts AI models during the training process, circumventing traditional system integrity checks.

Practical Applications

  • Use Case: Financial institutions employing ChatGPT for customer service must implement prompt validation to prevent data leakage through malicious queries.
  • Pitfall: Relying solely on traditional vulnerability scanning for AI systems, as it won’t detect attacks targeting model behavior or training data.
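One concrete form of the prompt validation called for above is a secrets gate on both sides of the model call: credentials pasted into a prompt are redacted before they reach a third-party model, and a credential appearing in model output is treated as leakage and blocked. This is an added example, not code from the summarized source; the credential patterns and the gate functions are assumptions chosen for illustration.

```python
import re

# Constructed credential shapes for illustration (assumed, not from the page).
SECRET_PATTERNS = {
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "openai_key": re.compile(r"\bsk-[A-Za-z0-9]{20,}\b"),
    "private_key": re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----"
    ),
}


def scan_secrets(text: str) -> list[tuple[str, str]]:
    """Return (pattern_name, matched_text) for every credential found in text."""
    return [
        (name, m.group(0))
        for name, pat in SECRET_PATTERNS.items()
        for m in pat.finditer(text)
    ]


def redact_secrets(text: str) -> tuple[str, int]:
    """Replace each credential with a placeholder naming only its type."""
    total = 0
    for name, pat in SECRET_PATTERNS.items():
        text, n = pat.subn(f"[REDACTED {name}]", text)
        total += n
    return text, total


def gate_prompt(user_prompt: str) -> dict:
    """Inbound gate: forward a redacted prompt; log the count, never the value."""
    clean, n = redact_secrets(user_prompt)
    return {"forward": clean, "redacted": n}


def gate_response(model_output: str) -> dict:
    """Outbound gate: a credential in model output indicates leakage from
    context or training data, so the reply is blocked rather than redacted."""
    hits = scan_secrets(model_output)
    return {"allow": not hits, "types": sorted({name for name, _ in hits})}
```

Pattern matching catches known credential formats only; it complements, and does not replace, keeping secrets out of the model's context and training data in the first place.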
