Multi‑Turn Prompt Attacks Undermine Safety of Leading Frontier AI Models, Cisco Reports
What Happened – Cisco’s AI threat intelligence team evaluated 15 flagship large‑language models (LLMs) using both single‑turn and multi‑turn prompts. While single‑turn refusal rates were low, multi‑turn adaptive attacks succeeded on up to 88 % of attempts, revealing a massive gap in current safety benchmarks.
Why It Matters for TPRM –
- Vendors that embed LLMs in SaaS products may expose customers to prompt‑injection attacks that bypass existing safeguards.
- Regulatory scrutiny of AI risk (e.g., EU AI Act) will increasingly demand proof of resilience against realistic, iterative adversarial use.
- Supply‑chain reliance on third‑party AI APIs means a vulnerability in a model can cascade to many downstream services.
Who Is Affected – Technology‑as‑a‑Service (SaaS) providers, cloud platforms, API‑driven applications, and any organization that integrates OpenAI, Anthropic, Google, Amazon, or xAI models.
Recommended Actions –
- Re‑evaluate AI model vendors against multi‑turn attack resilience, not just single‑turn benchmark scores.
- Implement runtime monitoring for anomalous prompt patterns and enforce “reasoning mode” or other hardening flags where available.
- Update contractual risk assessments to include AI‑specific security clauses and audit rights.
Technical Notes – Attack vector: iterative, context‑building prompt engineering (multi‑turn attacks). No specific CVE; the weakness is a systemic evaluation gap. Data types at risk include proprietary business logic, confidential documents, and personally identifiable information that may be extracted via successful prompt injection. Source: Help Net Security