Csoonline
Cisco Study Reveals Vulnerabilities in AI Models to Multi-Turn Attacks
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A Cisco study has found that 15 major AI models from OpenAI, Anthropic, Google, Amazon, and xAI are significantly more vulnerable to multi-turn prompt injection attacks than previously reported. The research tested these models with 30,090 single-turn and 6,986 multi-turn attacks, revealing attack success rates (ASR) for multi-turn prompts ranging from 7.89% to 88.30%. In contrast, single-turn ASRs were much lower, between 2% and 65%. The study highlights the inadequacy of current safety benchmarks that rely solely on single-turn evaluations, which fail to account for iterative attack strategies used by real adversaries. Notably, xAI's Grok 4.1 Fast Non-Reasoning model had an alarming 88.3% ASR for multi-turn attacks. Researchers emphasize the need for AI vendors to adopt more comprehensive evaluation methods that include multi-turn ASR reporting. This research raises concerns about the safety of AI models deployed in various applications, as organizations may be misinformed about their true resilience against sophisticated attacks.
Key Points: • Cisco's study reveals major AI models are vulnerable to multi-turn attacks. • Attack success rates for multi-turn prompts reached as high as 88.3% in testing. • Current safety benchmarks are inadequate, relying on single-turn evaluations.