Security leaders and practitioners admit GenAI is evolving faster than their teams can secure it.
Enterprise security is struggling to keep pace with the rapid adoption of GenAI, with half of respondents calling for a “strategic pause” to reassess defences.
According to Cobalt’s State of LLM Security Report 2025, 36 percent of security leaders and practitioners admit GenAI is evolving faster than their teams can secure it, raising fears as AI becomes deeply embedded in business processes.
The report found that 72 percent of those surveyed see GenAI-related threats as their top IT risk, yet a third of organisations are still not conducting regular security assessments - such as penetration tests - for their large language model deployments.
Key areas of concern include the disclosure of sensitive data (46 percent), model poisoning or theft (42 percent), and the leakage of training data (37 percent). In addition, while 69 percent of serious vulnerabilities are resolved across all Cobalt pen tests, only 21 percent of high-severity issues identified in LLM-specific tests are being addressed.
“Threat actors aren’t waiting around, and neither can security teams,” said Gunter Ollmann, CTO, Cobalt. “Our research shows that while GenAI is reshaping how we work, it’s also rewriting the rules of risk. The foundations of security must evolve in parallel, or we risk building tomorrow’s innovation on today’s outdated safeguards.
“Much like the rush to cloud adoption, GenAI has exposed a fundamental gap between innovation and security readiness,” Ollmann added. “Mature controls were not built for a world of LLMs. Security teams must shift from reactive audits to programmatic, proactive AI testing - and fast.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.