AI systems are scaling fast — and so are the risks.

This month’s digest highlights urgent developments shaping the future of GenAI security. From SANS and OWASP’s landmark partnership to define standard AI security controls, to Accenture’s warning that most enterprises lack foundational AI defenses, the message is clear: security is lagging behind adoption.

Meanwhile, real-world threats are already surfacing. Backslash researchers uncovered hundreds of vulnerable MCP servers, exposing core infrastructure for agentic AI workflows. OWASP’s latest guidance dives deep into prompt injection, offering new tactics to defend LLMs against linguistic exploits. And in healthcare, 99% of organizations now use GenAI—yet nearly all face serious obstacles in scaling safely.

Whether you’re building with autonomous agents or securing legacy systems, these stories offer a snapshot of where AI security stands—and where it urgently needs to go.

SANS and OWASP Join Forces to Standardize AI Security Controls

YahooFinance, July 1, 2025

SANS and OWASP have partnered to co-develop a unified set of AI security controls that are ready for real-world implementation across industries.

Until now, security teams have lacked widely adopted, practical frameworks for defending AI systems. This collaboration bridges the gap between research and execution, empowering defenders with field-tested, actionable guidance.

How to deal with it:

1. Review the upcoming OWASP+SANS control set and map it against your organization’s AI systems.
2. Prioritize implementation of baseline controls that address high-impact risks.
3. Integrate the control set into internal AI Red Teaming and secure development workflows.

Most enterprises can’t secure AI, Accenture says

Ciodive, July 1, 2025

An Accenture survey of over 2,000 executives revealed that nearly 4 in 5 enterprises lack the foundational capabilities to secure their AI models, pipelines, and infrastructure.

Organizations are accelerating AI deployment without matching security investment, leading to architectural blind spots and expensive retrofits. The imbalance between innovation and defense creates systemic exposure, especially as GenAI tools scale.

How to deal with it:

1. Conduct an AI security maturity assessment across your environments.
2. Rebalance your budgets to include secure design reviews, threat modeling, and red teaming for AI use cases.
3. Build cross-functional teams that align AI deployment with your security strategy from day one.

GenAI adoption surges in healthcare but security hurdles remain

ITBrief, July 2, 2025

Nutanix reports that 99% of healthcare organizations are using GenAI, yet 96% say their data governance and infrastructure aren’t ready for secure, scalable deployment.

Healthcare is a high-risk environment where data privacy and system reliability are critical. The rush to adopt GenAI without modernized infrastructure and strong controls puts sensitive patient data and decision-making at risk.

How to deal with it:

1. Audit existing GenAI workflows for blind spots in data protection and role-based access.
2. Prioritize infrastructure modernization to support scalable and secure AI workloads.
3. Strengthen governance policies around model access, training data, and clinical decision support.

Threat Research: Hundreds of MCP Servers Vulnerable to Abuse

Backslash, June 25, 2025

Backslash researchers identified hundreds of misconfigured Model Context Protocol (MCP) servers vulnerable to impersonation, data exfiltration, and remote command execution.

MCPs are critical to agentic AI workflows, enabling tool access and system control. Poorly configured servers silently expose local environments, especially in coworking or shared network settings, with real-world risk.

How to deal with it:

1. Ensure MCP servers are never bound to 0.0.0.0 without strict firewall controls.
2. Sanitize and validate all command inputs to prevent shell access and OS injection.
3. Restrict agent capabilities using wrapper logic, permissions boundaries, and safe tool registration patterns.

The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents

Security Boulevard, June 30, 2025

As AI web agents become more autonomous — combining LLMs with headless browsers and API tools — they create new and poorly understood attack surfaces.

Web agents operate across browser, memory, and API layers, often parsing untrusted inputs and acting with minimal oversight. Their integration into business workflows creates compound security risks beyond traditional chatbot threats.

How to deal with it:

1. Threat model any workflow that relies on autonomous web agents or browser automation.
2. Apply isolation strategies such as sandboxed execution and scoped API permissions.
3. Monitor agent behavior using observability tooling to detect prompt injection, misuse, or unsafe chaining.

Defending the prompt: How to secure AI against injection attacks

SC Media, July 3, 2025

OWASP’s 2025 guidance outlines layered defenses against prompt injection, a growing class of linguistic exploits targeting LLM behavior and output.

Why it matters:
Prompt injection is inherent to how LLMs reason, making it impossible to fully patch — only contain. Without proper safeguards, models can be manipulated to leak data, break rules, or trigger unsafe actions, often silently.

How to deal with it:

1. Treat your LLM like an untrusted user and enforce least privilege through hardened wrappers.
2. Use adversarial testing and sandboxing to proactively identify prompt injection vectors.
3. Continuously test and monitor AI behavior using the Adversa AI Red Teaming Platform — purpose-built to simulate real-world exploitation and validate GenAI defenses.

For more expert breakdowns, visit our Trusted AI Blog or follow us on LinkedIn to stay up to date with the latest in AI security. Be the first to learn about emerging risks, tools, and defense strategies.

Subscribe for updates

Stay up to date with what is happening! Plus, get a first look at news, noteworthy research, and the worst attacks on AI—delivered right to your inbox.