{"id":221314,"date":"2026-05-27T11:14:00","date_gmt":"2026-05-27T15:14:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/27\/leading-ai-models-are-more-vulnerable-to-malicious-prompts-than-vendors-claim\/"},"modified":"2026-05-27T17:25:25","modified_gmt":"2026-05-27T21:25:25","slug":"leading-ai-models-are-more-vulnerable-to-malicious-prompts-than-vendors-claim","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/27\/leading-ai-models-are-more-vulnerable-to-malicious-prompts-than-vendors-claim\/","title":{"rendered":"Leading AI models are more vulnerable to malicious prompts than vendors claim"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/cisco-ai-models-research-multi-turn-prompt-attacks\/821211\/\">Leading AI models are more vulnerable to malicious prompts than vendors claim<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/cisco-ai-models-research-multi-turn-prompt-attacks\/821211\/\">https:\/\/www.cybersecuritydive.com\/news\/cisco-ai-models-research-multi-turn-prompt-attacks\/821211\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-27 11:14:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n
<p>Dive Brief:<\/p>\n<p>Major AI developers\u2019 model-safety claims rest on incorrect assumptions about how hackers behave, Cisco researchers said in a report published on Wednesday.<br \/>\nAI vendors assume that their models are safe from hijacking if they can fend off a single malicious prompt at a time, but hackers are increasingly using multistage prompts to evade model defenses, Cisco said, and most models aren\u2019t prepared for those kinds of attacks.<br \/>\nThe new report illustrates a mostly underappreciated danger lurking inside AI models, one that could expose businesses using these tools to a wide range of disruptions and harm.<\/p>\n<p>Dive Insight:<br \/>\nCisco\u2019s evaluation of 15 leading AI models from OpenAI, Anthropic, Google, Amazon and xAI \u201cfound that single-turn attack success rate (ASR) is not a reliable proxy for what happens when an attacker can adapt across turns,\u201d researchers Nicholas Conley and Amy Chang wrote. Their tests revealed that AI models were much more susceptible to multi-turn malicious prompts \u2014 success rates ranged from 8% to 88%, compared with a range of 2% to 65% for single-turn prompts.<br \/>\n\u201cEvery model we tested exhibited non-trivial multi-turn ASR,\u201d Conley and Chang wrote.<br \/>\nThe two researchers previously collaborated on a November 2025 report that found open-weight AI models were between two and 10 times as vulnerable to multi-turn attacks as they were to single-turn attacks.<br \/>\n\u201cThe pattern we documented in open models holds in closed ones,\u201d they wrote in their new study. \u201cNo frontier closed model in this cohort can be characterized as safe under iterative attack. This is a claim about the current state of the closed-model frontier, not about any single vendor.\u201d<br \/>\nOne of the study\u2019s most significant findings was a correlation between AI companies\u2019 priorities and their models\u2019 safety. 
Conley and Chang found that AI developers that publicly emphasized their models\u2019 increasing power produced models with the biggest gap between vulnerability to single-turn attacks and vulnerability to multi-turn attacks. Developers whose public statements emphasized model safety had smaller disparities, suggesting a more concerted effort to minimize risks.<br \/>\nThe researchers tested five strategies: role-playing, misdirecting models, information decomposition, reframing model refusals and incremental escalation. An xAI model, Grok 4.1 Fast Non-Reasoning, performed the worst, with researchers succeeding in 88% of their multi-turn attacks. (They succeeded in 34% of single-turn attacks against the model.) The best-performing model, Amazon\u2019s Nova 2 Lite, only failed to withstand 8% of multistage attacks, although the researchers said that that figure \u201cstill represents meaningful residual risk.\u201d<br \/>\nConley and Chang noted that Grok 4.1 performed significantly better with reasoning enabled, suggesting that AI vendors should \u201cdocument the safety-relevant effects\u201d of configuration decisions like reasoning status.<br \/>\nOpenAI, Anthropic, Google, Amazon and xAI did not immediately respond to requests for comment.<br \/>\nVendors need to rethink how they evaluate AI model safety, the researchers said, and businesses need more information about potential gaps between models\u2019 single-turn and multi-turn attack resilience.<br \/>\n\u201cFor business decisions made on the basis of published single-turn scores, this presents security and governance risk,\u201d Conley and Chang wrote. \u201cA model with 2.74% single-turn ASR is not the same product as a model that holds the line at 24.68% multi-turn ASR. 
Without paired-regime data, the two are indistinguishable on most public evaluations, and the end user never sees the gap.\u201d<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Leading AI models are more vulnerable to malicious prompts than vendors claim https:\/\/www.cybersecuritydive.com\/news\/cisco-ai-models-research-multi-turn-prompt-attacks\/821211\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":221315,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/gnH9hbUyesKuLnc3MydEnbESbDX2sLEh6TFw-HAj8r4\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0yMTk2MTM5NTU5LmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,27],"class_list":["post-221314","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/221314"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=221314"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/221314\/revisions"}],"predecessor-version":[{"id":221316,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/221314\/revisions\/221316"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/221315"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-
need.com\/index.php\/wp-json\/wp\/v2\/media?parent=221314"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=221314"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=221314"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}