Emerging AI security risks exposed in Pangea's global study

Techday NZ, 16-05-2025

A global study by Pangea has highlighted emerging security weaknesses associated with the fast-paced deployment of AI systems in corporate environments.
The research, which involved Pangea's USD $10,000 Prompt Injection Challenge, analysed almost 330,000 real-world attack attempts submitted by more than 800 participants from 85 countries.
In March 2025, participants attempted to bypass AI security guardrails in three virtual rooms of increasing difficulty, generating extensive data on current AI security practices.
The study was prompted by a sharp increase in the adoption of generative AI across numerous sectors, with enterprises using AI-powered applications for interactions involving customers, employees, and sensitive internal systems. The researchers observed that, despite this rapid uptake, specific AI-focused security measures have not kept pace in many organisations, which often rely primarily on default protections provided by AI models themselves.
Pangea's dataset from the challenge revealed several vulnerabilities. A significant finding was the non-deterministic nature of large language model (LLM) security. Prompt injection attacks, a method where attackers manipulate input to provoke undesired responses from AI systems, were found to succeed unpredictably. An attack that fails 99 times could succeed on the 100th attempt with identical input, due to the underlying randomness in LLM processing.
The study also revealed substantial risks of data leakage and adversarial reconnaissance. Attackers using prompt injection can manipulate AI models to disclose sensitive information or contextual details about the environment in which the system operates, such as server types and network access configurations.
'This challenge has given us unprecedented visibility into real-world tactics attackers are using against AI applications today,' said Oliver Friedrichs, Co-Founder and Chief Executive Officer of Pangea. 'The scale and sophistication of attacks we observed reveal the vast and rapidly evolving nature of AI security threats. Defending against these threats must be a core consideration for security teams, not a checkbox or afterthought.'
Findings indicated that basic defences, such as native LLM guardrails, left organisations particularly exposed. The research showed that roughly 1 in 10 prompt injection attempts succeeded against these default protections, while multi-layered defences reduced the rate of successful attacks by significant margins.
Agentic AI, where systems have greater autonomy and direct access to databases or tools, was found to amplify organisational risk. When compromised, such systems could potentially allow attackers to move laterally across networks, increasing the scope for harm.
Joey Melo, a professional penetration tester and the only individual to successfully bypass all three virtual security rooms, spent two days developing a multi-layered strategy that ultimately defeated the single level of defence in room three.
Joe Sullivan, former Chief Security Officer at Cloudflare, Uber and Facebook, commented on the risks highlighted by Pangea's research. 'Prompt injection is especially concerning when attackers can manipulate prompts to extract sensitive or proprietary information from an LLM, especially if the model has access to confidential data via RAG, plugins, or system instructions,' said Sullivan. 'Worse, in autonomous agents or tools connected to APIs, prompt injection can result in the LLM executing unauthorised actions—such as sending emails, modifying files, or initiating financial transactions.'
In response to these findings, Pangea recommended a set of security measures for enterprises deploying AI applications. These include multi-layered guardrails to prevent prompt injection and data leakage, restriction of input languages and permitted operations in high-security environments, continuous red team testing specific to AI vulnerabilities, management of model randomness settings, and allocation of personnel or partners dedicated to tracking prompt injection threats.
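As an added illustration of the layered approach described in the findings and recommendations above (example code, not Pangea's or the report's), the following Python sketch composes five independent checks around a model call: a script-based input-language restriction, an injection-pattern heuristic, a tool allowlist for permitted operations, an output leakage filter over constructed protected strings, and a per-session monitor that escalates repeated blocked attempts, the retry behaviour that a non-deterministic single guardrail invites. All names, patterns, thresholds and values are assumptions.

```python
import re
import unicodedata
from collections import defaultdict
from dataclasses import dataclass

# Constructed confidential context (assumed values) that the model sees via system prompt / RAG.
PROTECTED_STRINGS = {"db-primary.internal.example", "nginx/1.24 on ubuntu-22.04"}
ALLOWED_TOOLS = {"search_docs"}            # permitted operations: read-only only
INJECTION_PATTERNS = [                      # heuristic layer, known to be imperfect
    r"ignore (all |any |the )?(previous|prior|above) instructions",
    r"(reveal|print|show|repeat) (your|the) (system prompt|instructions)",
]
MODEL_SETTINGS = {"temperature": 0, "top_p": 1}  # pin sampling so checks are repeatable
BLOCKED_ATTEMPT_THRESHOLD = 3               # repeated blocked probes => escalate

@dataclass
class Decision:
    allowed: bool
    layer: str = "none"      # which layer blocked the request, if any
    reason: str = ""

def latin_script_only(text: str) -> bool:
    """Input-language restriction: accept ASCII plus Latin-script letters only."""
    for ch in text:
        if not ch.isascii() and not unicodedata.name(ch, "").startswith("LATIN"):
            return False
    return True

def guard_input(text: str) -> Decision:  # layers 1 and 2: before the model sees the prompt
    if not latin_script_only(text):
        return Decision(False, "language", "non-Latin script not permitted")
    for pat in INJECTION_PATTERNS:
        if re.search(pat, text, re.IGNORECASE):
            return Decision(False, "injection_heuristic", pat)
    return Decision(True)

def guard_output(model_text: str, tool_calls: list[str]) -> Decision:  # layers 3 and 4
    for tool in tool_calls:
        if tool not in ALLOWED_TOOLS:
            return Decision(False, "tool_allowlist", tool)
    for secret in PROTECTED_STRINGS:
        if secret.lower() in model_text.lower():
            return Decision(False, "leakage_filter", secret)
    return Decision(True)

class AttemptMonitor:
    """Layer 5: count blocked attempts per session. A single check fails
    non-deterministically, so repeated near-identical probes are the signal."""
    def __init__(self) -> None:
        self.blocked = defaultdict(int)
    def record(self, session: str, decision: Decision) -> bool:  # True => escalate session
        if not decision.allowed:
            self.blocked[session] += 1
        return self.blocked[session] >= BLOCKED_ATTEMPT_THRESHOLD
```

Each layer is deliberately simple; the point is that an attempt has to pass all of them, and that the monitor turns retries against a stochastic guardrail into a detection signal rather than a free lunch.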
Friedrichs emphasised the urgency of the issue in his remarks. 'The industry is not paying enough attention to this risk and is underestimating its impact in many cases, playing a dangerous wait-and-see game. The rate of change and adoption in AI is astounding—moving faster than any technology transformation in the past few decades. With organisations rapidly deploying new AI capabilities and increasing their dependence on these systems for critical operations, the security gap is widening daily. The time to get ahead of these concerns is now.'
Pangea's full research report, 'Defending Against Prompt Injection: Insights from 300K attacks in 30 days,' is publicly available.
