Cybersecurity

Essential Guide: Model Security Is The Wrong Frame – The Real Risk Is Workflow Security

2026-01-15 0 views admin
Essential Guide: Model Security Is The Wrong Frame – The Real Risk Is Workflow Security

As AI copilots and assistants become embedded in daily work, security teams are still focused on protecting the models themselves. But recent incidents suggest the bigger risk lies elsewhere: in the workflows that surround those models.

Two Chrome extensions posing as AI helpers were recently caught stealing ChatGPT and DeepSeek chat data from over 900,000 users. Separately, researchers demonstrated how prompt injections hidden in code repositories could trick IBM's AI coding assistant into executing malware on a developer's machine.

They exploited the context in which the AI operates. That's the pattern worth paying attention to. When AI systems are embedded in real business processes, summarizing documents, drafting emails, and pulling data from internal tools, securing the model alone isn't enough. The workflow itself becomes the target.

To understand why this matters, consider how AI is actually being used today:

Businesses now rely on it to connect apps and automate tasks that used to be done by hand. An AI writing assistant might pull a confidential document from SharePoint and summarize it in an email draft. A sales chatbot might cross-reference internal CRM records to answer a customer question. Each of these scenarios blurs the boundaries between applications, creating new integration pathways on the fly.

What makes this risky is how AI agents operate. They rely on probabilistic decision-making rather than hard-coded rules, generating output based on patterns and context. A carefully written input can nudge an AI to do something its designers never intended, and the AI will comply because it has no native concept of trust boundaries.

This means the attack surface includes every input, output, and integration point the model touches.

Hacking the model's code becomes unnecessary when an adversary can simply manipulate the context the model sees or the channels it uses. The incidents described earlier illustrate this: prompt injections hidden in repositories hijack AI behavior during routine tasks, while malicious extensions siphon data from AI conversations without ever touching the model.

These workflow threats expose a blind spot in traditional security. Most legacy defenses were built for deterministic software, stable user roles, and clear perimeters. AI-driven workflows break all three assumptions.

So, a better approach to all of this would be to treat the whole workflow as the thing you're protecting, not just the model.

Source: The Hacker News

🏷️ Tags

securityhackmalwareattackthreat

More from Cybersecurity

Security Trio Of Critical Bugs Spotted In Delta Industrial Plcs (2026)

Security Trio Of Critical Bugs Spotted In Delta Industrial Plcs (2026)

2026-01-15 0
Ftc Bans Gm From Selling Drivers' Location Data For Five Years - Full Analysis

Ftc Bans Gm From Selling Drivers' Location Data For Five Years - Full Analysis

2026-01-15 0
Microsoft Legal Action Disrupts Redvds Cybercrime Infrastructure... (2026)

Microsoft Legal Action Disrupts Redvds Cybercrime Infrastructure... (2026)

2026-01-15 0
Palo Alto Networks Warns Of Dos Bug Letting Hackers Disable Firewalls (2026)

Palo Alto Networks Warns Of Dos Bug Letting Hackers Disable Firewalls (2026)

2026-01-15 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views