HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Multi‑Turn Prompt Attacks Undermine Safety of Leading Frontier AI Models, Cisco Reports

Cisco’s AI threat team discovered that adaptive, multi‑turn prompts bypass safety controls in 15 leading large‑language models, with success rates as high as 88 %. The findings expose a systemic gap in current AI safety benchmarks, raising urgent third‑party risk concerns for any organization that relies on external AI APIs.

LiveThreat™ Intelligence · 📅 May 28, 2026· 📰 helpnetsecurity.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
3 recommended
📰
Source
helpnetsecurity.com

Multi‑Turn Prompt Attacks Undermine Safety of Leading Frontier AI Models, Cisco Reports

What Happened – Cisco’s AI threat intelligence team evaluated 15 flagship large‑language models (LLMs) using both single‑turn and multi‑turn prompts. While single‑turn refusal rates were low, multi‑turn adaptive attacks succeeded on up to 88 % of attempts, revealing a massive gap in current safety benchmarks.

Why It Matters for TPRM

  • Vendors that embed LLMs in SaaS products may expose customers to prompt‑injection attacks that bypass existing safeguards.
  • Regulatory scrutiny of AI risk (e.g., EU AI Act) will increasingly demand proof of resilience against realistic, iterative adversarial use.
  • Supply‑chain reliance on third‑party AI APIs means a vulnerability in a model can cascade to many downstream services.

Who Is Affected – Technology‑as‑a‑Service (SaaS) providers, cloud platforms, API‑driven applications, and any organization that integrates OpenAI, Anthropic, Google, Amazon, or xAI models.

Recommended Actions

  • Re‑evaluate AI model vendors against multi‑turn attack resilience, not just single‑turn benchmark scores.
  • Implement runtime monitoring for anomalous prompt patterns and enforce “reasoning mode” or other hardening flags where available.
  • Update contractual risk assessments to include AI‑specific security clauses and audit rights.

Technical Notes – Attack vector: iterative, context‑building prompt engineering (multi‑turn attacks). No specific CVE; the weakness is a systemic evaluation gap. Data types at risk include proprietary business logic, confidential documents, and personally identifiable information that may be extracted via successful prompt injection. Source: Help Net Security

📰 Original Source
https://www.helpnetsecurity.com/2026/05/28/cisco-multi-turn-ai-attacks/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Access is where most audits get tested.

Verisq AI Trust Operations maps incidents like this to your access controls and collects the evidence continuously, keeping your SOC 2 posture defensible.

See where you'd stand with Verisq AI Trust Operations →