AI as the Attacker: A New Era of Cyber Resilience According to Deloitte

According to a recent analysis by Deloitte, the emergence of advanced artificial intelligence systems with sophisticated cyber capabilities is reshaping how organisations think about security and resilience. AI introduces a dual risk: on one hand, attackers can exploit vulnerabilities faster, and on the other, enterprises expand their own exposure through the adoption of AI agents, copilots, and automation.

The New Wave of AI-Driven Threats

The report highlights that emerging threats like prompt injection, data leakage, and excessive access require AI to be embedded into core threat models. A critical difference from traditional systems is that AI systems can be influenced not just through system breaches, but also by the data they process.

The latest frontier AI models represent a significant leap in cyber capability. These systems can independently identify hidden vulnerabilities, chain them into working exploits, and execute complex attack paths with minimal human intervention. This development dramatically accelerates both the speed and scale of cyber threats.

From an AIQ Standpoint: OWASP, GDPR, and the EU AI Act

From an AIQ standpoint, the threats outlined by Deloitte align perfectly with the OWASP LLM Top 10 list, which summarises the most critical vulnerabilities of large language models. Prompt Injection (LLM01), data leakage (related to LLM06: Sensitive Information Disclosure), and excessive access (related to LLM08: Excessive Agency) are all central elements of LLM-specific security audits.

In a corporate context, this means that companies operating within the European Union’s regulatory framework must be particularly vigilant. A data leak caused by a prompt injection attack is considered a serious data breach under GDPR, regardless of the technical method of execution. Furthermore, the soon-to-be-fully-applicable EU AI Act will impose strict security and risk management requirements on high-risk AI systems, a category that could include the autonomous models described by Deloitte.

From Reactive Defence to Proactive Resilience

Deloitte’s analysis suggests that organisations have an opportunity to evolve their operating models from reactive defence to more adaptive, intelligence-driven approaches. This shift is prompting boards and CISOs to reimagine resilience, focusing on agility, continuous monitoring, and AI-enabled defence to keep pace with a rapidly changing threat landscape.

To respond effectively, organisations must align their defence with the speed and scale of AI-driven threats. This requires moving beyond reactive defence towards proactive, embedded resilience.

What This Means for Auditing Practices

In AIQ’s view, traditional security audits are no longer sufficient. When auditing LLM systems, it is necessary to examine not only the infrastructure but also the model itself, its data supply chain, and the permissions granted to it. A modern AI security audit must include testing for prompt injection defences, identifying data leakage vectors, and assessing the risks of ‘excessive agency’ held by AI agents. The key is proactivity: identifying vulnerabilities before another, malicious AI does it for us.

Attila Rácz-Akácosi

Independent AI Security Specialist

Two decades of analytical and systems-oriented experience. I have been working with artificial intelligence since 2017. In recent years, I have specialized in AI/LLM security and AI Red Teaming. Systems-level thinking instead of endless vulnerability checklists.