AI's Growing Vulnerabilities – Prompt Injections and the Need for Human Oversight
Ryan Williams Sr.
Cybersecurity Consultant | vCISO | GRC Specialist | Podcast Host | DE&I Advocate | AI & GPT Enthusiast | Helping Businesses Achieve Compliance & Security Excellence
Artificial Intelligence (AI) continues to evolve rapidly, but with each advancement, new security vulnerabilities emerge. Recently, we discussed an insightful article from Dark Reading, where AI chatbots were found to “ditch guardrails” in response to prompt injection attacks. This issue highlights not just a technical flaw but a growing need for more robust security measures. As we see AI becoming integral in daily operations across industries, understanding how to safeguard these systems is crucial.
The Growing Concern of Prompt Injections
"AI is no different from what we've had to deal with in the past," my co-host Shannon Tynes pointed out during our discussion. Just as past cybersecurity threats like cross-site scripting exploited weak spots in systems, prompt injection attacks target AI models like ChatGPT and large language models (LLMs).
The vulnerability here isn’t merely hypothetical; it’s real. According to the article, prompt injections bypass AI guardrails approximately 65% of the time. That’s an alarmingly high success rate for attacks meant to exploit AI systems designed to protect sensitive information. For perspective, Daniel Acevedo, my other co-host, described it as akin to “social engineering for robots.” These attacks occur when malicious actors feed the AI specifically crafted prompts, tricking it into revealing information it was meant to withhold.
The Human Element in AI Security
The issue isn't just technical—it's educational. As Daniel emphasized, the defensive side of cybersecurity must evolve alongside offensive strategies, with a focus on protecting AI systems. “We have to fact-check our sources and ensure people know how to protect themselves, not just use AI,” he noted. The takeaway? The increasing use of AI necessitates integrating human oversight back into AI processes.
Despite AI’s complexity, humans remain a vital layer of defense. Even as these models reach "graduate-level" sophistication, they still lack context-specific understanding. AI can offer vast amounts of data but still struggle to interpret cultural nuances, making human intervention indispensable. In other words, while AI can assist, the final judgment often needs to come from a person.
A Call to Action
The need for comprehensive education on cybersecurity is clear. As AI becomes embedded in schools, workplaces, and everyday life, we must teach people not just how to use these tools but how to protect themselves from the potential risks they bring.
To stay ahead in cybersecurity, keep engaging with reliable resources, continue learning about emerging threats, and always keep a human in the loop.
Thank you for reading, and stay tuned for more episodes of The Other Side of the Firewall podcast on Mondays, Tuesdays, Wednesdays, and Fridays, as well as the Ask A CISSP podcast every Thursday. Make sure to also add The Cyber Coffee Hour to your podcast rotation! Please like, share, and subscribe.
Stay safe, stay secure!
Ryan is a retired Air Force veteran who brings over 20 years of experience in network infrastructure, project management, and cybersecurity consulting to his current roles at RAM Cyber Consulting & Assessments, LLC and BuddoBot. BuddoBot’s mission is to support national security by transforming, empowering, and educating organizations to shift from reactive, diluted, automated, and high-cost IT and security practices to proactive, effective solutions that fortify their security.
Shannon, also a retired Air Force veteran, has more than two decades of expertise in network security and vulnerability management. He now serves as an Information System Security Officer (ISSO) for the U.S. Space Force, where he continues to enhance national security protocols.
Chris, a Navy veteran with over ten years in IT, information assurance, and risk management, currently works at CompliancePoint. His roles include vCISO, RMF assessor, and consultant, focusing on enhancing data security and privacy for various organizations.
Daniel is an Air Force veteran with over 15 years of combined experience in IT, cybersecurity, information assurance, and government risk compliance. He has held various roles, including IT administrator, cybersecurity engineer, senior information system security manager, and currently serves as a senior security consultant for Booz Allen Hamilton. In this latest role, Daniel leverages his expertise to address unique and complex challenges in the cyber and IT domains, enhancing his customers’ capabilities.
The Other Side of the Firewall podcast is a product of RAM Cyber Consulting & Assessments, LLC. RAM Cyber is a premier Governance, Risk, and Compliance (GRC) consultancy dedicated to supporting the Defense Industrial Base (DIB), Federal agencies, and corporate entities. We specialize in delivering expert guidance to ensure compliance, mitigate risks, and enhance cybersecurity postures. RAM Cyber is pending SDVOSB, VOSB, and 8(a) certification by the SBA, underscoring our commitment to excellence and service.