top of page
WLOGO2.png
Search

AI Security: From 2018 to 2025, A Revolution in Threats (Part 1/3)

  • agraveline1
  • Oct 30
  • 2 min read

When we launched ML-SECURITY in 2018, the AI world looked very different. Security concerns primarily revolved around data poisoning and adversarial attacks on classification models. Large Language Models didn't exist yet.

Seven years later, ChatGPT and its peers have revolutionized the industry... and with them, an entire ecosystem of new vulnerabilities has emerged.

2018: The Era of Classical Machine Learning

Back then, our AI security audit work for M&A operations focused on:

  • Training data poisoning - injection of malicious data to corrupt the model

  • Adversarial examples - subtle perturbations to fool vision models

  • Model theft - intellectual property extraction via targeted queries

  • Algorithmic bias - systematic discrimination in automated decisions

These threats were well understood, documented, and we had proven audit methodologies in place.

2025: The LLM Explosion and New Vulnerabilities

The advent of GPT-3, then GPT-4, Claude, Gemini, and the race for generative AI has changed the game. Companies are massively integrating these technologies, but few truly understand the new risks.

LLMs have introduced entire categories of vulnerabilities unknown in 2018:

  • Prompt injection - manipulation of system instructions

  • Jailbreaking - bypassing security guardrails

  • Data leakage - extraction of memorized sensitive data

  • RAG system attacks - poisoning knowledge bases

  • Code execution via plugins - complete system compromise

Implications for M&A Operations

In 2018, our mission was to audit the robustness of AI models during acquisitions. Today, the equation has changed: a company claiming to have LLM-based AI assets may be hiding critical vulnerabilities invisible on the surface.

An unsecured LLM system can:

  • Expose confidential customer data

  • Violate GDPR and trigger massive fines

  • Cause a major security incident post-acquisition

  • Significantly devalue the acquired asset

Coming Next: Part 2 - Vulnerabilities in Detail

In our next article, we'll detail each of these new vulnerabilities with concrete attack examples and their real business impact.

Stay tuned!

 
 
 

Comments

blue4.png

©2019 by Disaitek and ML Security

bottom of page