Prompt Injection Attacks Surge, Targeting AI Systems in 2025

In 2025, over 90 organizations fell victim to prompt injection attacks, exploiting vulnerabilities in large language models (LLMs). CrowdStrike's 2026 Global Threat Report indicates that AI-enabled cyberattacks surged by 89% year-over-year, with attackers stealing credentials and cryptocurrency. Notably, a single incident drained $175,000 from an AI-controlled crypto wallet using a Morse-code-encoded prompt. The OWASP LLM Top 10 ranked prompt injection as the most critical vulnerability for LLM applications. Significant incidents include the EchoLeak vulnerability (CVE-2025-32711) disclosed in June 2025, allowing zero-click exploitation of Microsoft 365 Copilot. These attacks highlight a growing trend where attackers manipulate AI systems through crafted inputs. Organizations deploying AI must address these vulnerabilities to mitigate risks effectively.

Key Points: • Prompt injection attacks affected over 90 organizations in 2025, with significant financial losses. • CrowdStrike reported an 89% increase in AI-enabled cyberattacks year-over-year. • The EchoLeak vulnerability (CVE-2025-32711) allowed zero-click exploitation of AI systems.