Gartner Identifies Critical AI Security Threats

Gartner has released a document geared towards resource-limited organizations seeking to get the most out of their security investments.

“The introduction of security initiatives by frontier AI companies creates significant noise to an already noisy threat landscape,” said John Watts, VP Analyst at Gartner. “Cybersecurity leaders must be able to find the threat signal in all the noise in order to respond to shifts in the threat landscape.”

Among the highlights, Watts discussed the “AI Application Compromise,” which has become the critical threat section as attackers target the growing number of production-ready public-facing and internal enterprise AI tools. The attack surface has grown to include custom-built agents, third-party integrations and employee-only applications, often exposing sensitive data or credentials when controls are weak.

“Cybersecurity teams need to expand their programs beyond traditional software protections by mapping new attack surfaces introduced by GenAI models or agentic tools,” said Watts.

Securing an AI application does not always mean starting from scratch, according to Watts. There are many AI security startups that offer broader and deeper capabilities as organizations mature and need more security around their use of AI. To address this threat, CISOs are advised to apply secure development life cycle and threat modeling best practices to AI applications. They should also strengthen data security by improving data classification, adopt purpose-based access control (PBAC) and implement runtime monitoring.

The advent of GenAI has dramatically increased the volume, fidelity and accessibility of deepfake creation across voice, video, and images, both as pre-recorded artifacts or generated in real-time. This has expanded the opportunity for attackers to impersonate identities across a range of attack surfaces. Deepfakes can be used to attack biometric authentication processes, can be combined with social engineering in real-time attacks on employees and can be used to subvert recruitment processes.

Cybersecurity teams are advised to look beyond deepfake detection and strengthen controls to protect the integrity of real‑time communications, as well as biometric authentication and verification processes.

Cybersecurity teams should also build comprehensive inventories of software assets while integrating strong controls at every stage of development. These measures help defend against emerging threats that target both traditional applications and modern AI-powered pipelines.

Meanwhile, “Prompt Injection” has become a cybersecurity threat targeting AI systems, especially those using large language models (LLMs). Attackers manipulate prompts to alter the model’s behavior, causing it to leak sensitive information, perform unauthorized actions, or bypass controls. As organizations increasingly adopt GenAI, the risk of prompt injection expands, making it a critical issue for cybersecurity teams.

To effectively counter prompt injection threats, Gartner advises cybersecurity teams to implement a layered mitigation strategy. This involves AI security testing to proactively identify vulnerabilities, establishing strong system prompts to guide AI behavior, and deploying AI runtime guardrails that monitor for and block suspicious activity.

The findings were discussed at a recent event held in National Harbor, Maryland.

Channel Impact^®
Channel partners can provide a variety of useful assistance, such as the establishment f multiple layers of control, in order to counter deepfakes; protect biometric identity verification by focusing on presentation and injection attack detection in addition to contextual signals; secure online meetings by implementing conditional access policies to enforce strong authentication for call participants; and integrate prompt injection testing into the AI system development lifecycle.