Hackers are increasingly targeting AI infrastructure and systems through classic vulnerabilities and new AI-specific attacks.
Hackers are increasingly targeting the foundations of AI infrastructure. This is evident from the Trend Micro State of AI Security Report for the first half of 2025. As a result, the security sector is now embracing AI as a relevant attack vector. For example, AI-specific targets were tested for the first time during the Pwn2Own hacking event in Berlin.
This yielded results. Researchers discovered 28 new zero-day vulnerabilities, seven of which were specific to AI components. These included vector databases like Chroma DB, inference servers like Nvidia Triton, and key-value stores like Redis. Many of these systems were found to be unprotected and accessible via the internet or used outdated software modules, allowing attackers relatively easy access.
Trend Micro points out that seven vulnerabilities were specifically linked to AI infrastructure. The other bugs had a broader impact and were not exclusively tied to AI, but were part of the AI infrastructure stack.
AI-specific Vulnerabilities
In addition to these attacks on the infrastructure itself, AI-specific vulnerabilities are also increasing. The report warns of advanced prompt injections, where attackers hide commands in content that AI agents automatically process. Also, stored prompt injections, where malicious instructions are stored in databases or vector stores, pose a risk.
Vulnerabilities like CVE-2025-32711 in Microsoft 365 Copilot also demonstrate that AI agents are susceptible to AI command injections, which can lead to data theft. Techniques such as Prompt Leakage (PLeak), where system prompts and fine-tuning data are revealed, and attacks on chain-of-thought reasoning further increase the risk.
Known Security Measures
According to Trend Micro, organizations must secure AI systems from the ground up. The report advises zero trust architecture, maintaining a software inventory, regular patches and audits, and proactive monitoring via XDR and SIEM platforms.
read also
Trend Micro Launches Integrated Security Solutions for AI Infrastructure Together with Dell and Nvidia
In fact, the best practices for secure AI implementation do not differ from general security guidelines. With the hype around AI and the urge of companies to quickly set up projects, the focus on security sometimes risks being sidelined. However, the report illustrates that AI and AI infrastructure can indeed be exploited as attack vectors. Trend Micro aims to position itself as a security expert with knowledge and experience in AI. The report serves this purpose, as does a previously launched integrated solution with Nvidia.