Cisco Study Reveals Vulnerabilities in AI Models to Multi-Turn Attacks

Cisco Study Reveals Vulnerabilities in AI Models to Multi-Turn Attacks

First seen 27 May 2026, 22:44 UTC Infosecurity-MagazineCybersecuritydiveCsoonlineFeeds2.FeedburnerScworld+3 82% similarity 69.5

Article Content

Browse articles
ThreatCluster

A Cisco study has found that 15 major AI models from OpenAI, Anthropic, Google, Amazon, and xAI are significantly more vulnerable to multi-turn prompt injection attacks than previously reported. The research tested these models with 30,090 single-turn and 6,986 multi-turn attacks, revealing attack success rates (ASR) for multi-turn prompts ranging from 7.89% to 88.30%. In contrast, single-turn ASRs were much lower, between 2% and 65%. The study highlights the inadequacy of current safety benchmarks that rely solely on single-turn evaluations, which fail to account for iterative attack strategies used by real adversaries. Notably, xAI's Grok 4.1 Fast Non-Reasoning model had an alarming 88.3% ASR for multi-turn attacks. Researchers emphasize the need for AI vendors to adopt more comprehensive evaluation methods that include multi-turn ASR reporting. This research raises concerns about the safety of AI models deployed in various applications, as organizations may be misinformed about their true resilience against sophisticated attacks.

Key Points: • Cisco's study reveals major AI models are vulnerable to multi-turn attacks. • Attack success rates for multi-turn prompts reached as high as 88.3% in testing. • Current safety benchmarks are inadequate, relying on single-turn evaluations.

ThreatCluster AI

Timeline

2026-05-27
Cisco study published
Cisco released findings showing that major AI models are more vulnerable to multi-turn attacks than previously reported.
Csoonline
2026-05-27
Multi-turn attack success rates revealed
The study found multi-turn attack success rates ranged from 7.89% to 88.30%, significantly higher than single-turn rates.
Cybersecuritydive
2026-05-28
Industry response to study findings
The cybersecurity community is urged to reconsider AI model safety evaluations in light of Cisco's findings.
Scworld

Community

Browse all →