“AI components — e.g., LLM, RAG — are embedded within the software supply chain, making them a new frontier for sophisticated attacks,” Garraghan told CSO. “As OWASP LLM 03:2025 points out, LLMs frequently integrate with external APIs and data sources, introducing significant risks through these dependencies.”
Simply encouraging secure coding practices, however, is not enough.
“CISOs must adopt a proactive security posture that includes continuous AI application testing, software bill of materials transparency, and automated threat detection across the AI development lifecycle,” Garraghan advised.