As one of the defining technologies of this century, artificial intelligence (AI) seems to witness daily advancements with new entrants to the field, technological breakthroughs, andcreative and innovative applications. The landscape for AI security shares the same breakneck pace with streams of newly proposed legislation, novel vulnerability discoveries, and emerging threat vectors.

While the speed of change is exciting, it creates practical barriers for enterprise AI adoption. As ourCisco 2024 AI Readiness Indexpoints out, concerns about AI security are frequently cited by business leaders as a primary roadblock to embracing the full potential of AI in their organizations.

That's why we're excited to introduce our inauguralState of AI Security report. It provides a succinct, straightforward overview of some of the most important developments in AI security from the past year, along with trends and predictions for the year ahead. The report also shares clear recommendations for organizations looking to improve their own AI security strategies, and highlights some of the ways Cisco is investing in a safer future for AI.

Here's an overview of what you'll find in our first State of AI Security report: 

Evolution of the AI Threat Landscape

The rapid proliferation of AI and AI-enabled technologies has introduced a massive new attack surface that security leaders are only beginning to contend with. 

Risk exists at virtually every step across the entire AI development lifecycle; AI assets can be directly compromised by an adversary or discreetly compromised though a vulnerability in the AI supply chain. The State of AI Security report examines severalAI-specific attack vectorsincluding prompt injection attacks, data poisoning, and data extraction attacks. It also reflects onthe use of AI by adversaries to improve cyber operationslike social engineering, supported by research from Cisco Talos.

Looking at the year ahead, cutting-edge advancements in AI will undoubtedly introduce new risks for security leaders to be aware of. For example, the rise ofagentic AIwhich can act autonomously without constant human supervision seems ripe for exploitation. On the other hand, thescale of social engineeringthreatens to grow tremendously, exacerbated by powerful multimodal AI tools in the wrong hands. 

Key Developments in AI Policy 

The past year has seen significant advancements in AI policy, both domestically and internationally. 

In the United States, a fragmented state-by-state approach has emerged in the absence of federal regulations withover 700 AI-related bills introduced in 2024 alone.Meanwhile, international efforts have led to key developments, such as theUK and Canada's collaborationon AI safety and theEuropean Union's AI Act, which came into force in August 2024 to set a precedent for global AI governance. 

Early actions in 2025 suggest greater focus towards effectively balancing the need for AI security with accelerating the speed of innovation. Recent examples includePresident Trump's executive orderand growing support for a pro-innovation environment, which aligns well with themes from the AI Action Summit held in Paris in February and the U.K.'s recent AI Opportunities Action Plan.

Original AI Security Research 

The Cisco AI security research team has led and contributed to several pieces of groundbreaking research which are highlighted in the State of AI Security report. 

Research intoalgorithmic jailbreakingof large language models (LLMs) demonstrates how adversaries can bypass model protections with zero human supervision. This technique can be used to exfiltrate sensitive data and disrupt AI services.  More recently, the team exploredautomated jailbreaking of advanced reasoning modelslike DeepSeek R1, to demonstrate that even reasoning models can still fall victim to traditional jailbreaking techniques. 

The team also explores thesafety and security risks of fine-tuning models. While fine-tuning is a popular method for improving the contextual relevance of AI, many are unaware of the inadvertent consequences like model misalignment. 

Finally, the report reviews two pieces of original research intopoisoning public datasetsand extracting training datafrom LLMs. These studies shed light on how easily-and cost-effectively-a bad actor can tamper with or exfiltrate data from enterprise AI applications. 

Recommendations for AI Security 

Securing AI systems requires a proactive and comprehensive approach.  

The State of AI Security report outlines several actionable recommendations, including managing security risks throughout the AI lifecycle, implementing strong access controls, and adopting AI security standards such as the NIST AI Risk Management Framework and MITRE ATLAS matrix. We also look at how Cisco AI Defense can help businesses adhere to these best practices and mitigate AI risk from development to deployment. 

Read the State of AI Security 2025

Ready to read the full report? You can find it here. 

We'd love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!