“AI parts — e.g., LLM, RAG — are embedded within the software supply chain, making them a brand new frontier for sophisticated attacks,” Garraghan told CSO. “As OWASP LLM03:2025 points out, LLMs regularly integrate with external APIs and information sources, introducing significant risks through these dependencies.”
Merely encouraging secure coding practices, however, is not sufficient.
“CISOs should adopt a proactive security posture that includes continuous AI application testing, software bill of materials transparency, and automated threat detection throughout the AI development lifecycle,” Garraghan suggested.