From Lenovo’s chatbot breach exposing session cookies to our own research uncovering PROMISQROUTE, a novel vulnerability in GPT-5’s routing mechanism found by the Adversa AI Research team, this week showed how fragile AI security architectures still are.
The risks are not limited to technical flaws: regulators are struggling too, as NIST released an overlays concept paper without concrete safeguards and the EU’s AI-CAP drew criticism for prioritizing growth over security and sustainability. Meanwhile, Grok leaked hundreds of thousands of user chats through a flawed sharing feature — a stark reminder that privacy and safety failures are systemic in today’s AI platforms.
For practitioners, these incidents highlight why continuous AI Red Teaming, independent testing, and resilient governance remain the only effective ways to manage evolving risks in generative and agentic AI.
Lenovo chatbot breach highlights AI security blind spots in customer-facing systems
CSO Online, August 20, 2025
Cybernews researchers showed how a single 400‑character malicious prompt tricked Lenovo’s GPT‑4‑powered support chatbot into generating harmful HTML, enabling theft of agent session cookies.
Experts warn this reflects a broader trend: shipping customer-facing AI without the security rigor applied to traditional web apps, which allows prompt injection combined with poor output sanitization to escalate into insider-style threats, phishing, and lateral movement.
Our team has broken down this incident step by step — read the full analysis. And if you want to dive even deeper, download our Top AI Security Incidents (2025 Edition) report with 16 real‑world cases and lessons learned.
How to deal with it:
- Apply the same secure coding and input/output sanitization standards to AI chatbots as to any web application.
- Implement Continuous AI Red Teaming to uncover prompt injection, XSS, and other evolving attack vectors.
- Treat AI chatbots as mission-critical applications, not pilots, embedding security-by-design from the outset.
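The output-sanitization point above, as an added example (not Lenovo's or Cybernews' code): an allowlist sanitizer that a support portal can run on every assistant reply before rendering it, so that injected script, event-handler attributes or javascript: links become inert text. It assumes the portal renders replies as HTML and wants a count of rejected constructs for alerting.

```python
"""Allowlist sanitizer for LLM-generated reply markup before it reaches the browser.

Added example, not Lenovo's or Cybernews' code. Assumes a support portal that
renders assistant replies as HTML: only a small tag/attribute allowlist is kept,
everything else (script, img/onerror, javascript: links) becomes inert text.
"""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_TAGS = {"p", "br", "b", "i", "ul", "li", "code", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = {"http", "https"}


class ReplySanitizer(HTMLParser):
    """Re-emit allowlisted markup; escape all other tags and text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped = [], 0   # dropped: count for alerting/telemetry

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:          # <script>, <img>, <iframe>, ...
            self.dropped += 1
            return
        kept = []
        for name, value in attrs:
            value = (value or "").strip()
            if name not in ALLOWED_ATTRS.get(tag, set()):   # on*=, style=, ...
                self.dropped += 1
            elif name == "href" and urlsplit(value).scheme not in SAFE_SCHEMES:
                self.dropped += 1                            # javascript:, data:
            else:
                kept.append(f' {name}="{escape(value)}"')
        if tag == "a":
            kept.append(' rel="noopener noreferrer" target="_blank"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))        # script bodies land here as text


def sanitize_reply(model_html: str) -> tuple[str, int]:
    """Return (safe_html, number_of_rejected_tags_or_attributes)."""
    parser = ReplySanitizer()
    parser.feed(model_html)
    parser.close()
    return "".join(parser.out), parser.dropped
```

A non-zero `dropped` count on a production reply is worth logging as a prompt-injection signal, since a well-behaved model has no reason to emit those constructs.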
PROMISQROUTE: GPT-5 AI Router Novel Vulnerability Class Exposes the Fatal Flaw in Multi-Model Architectures
Adversa AI, August 19, 2025
We uncovered a new class of AI vulnerability showing how GPT‑5 silently routes many user queries to weaker, cheaper models to cut costs. Simple trigger phrases can manipulate the router to downgrade security, bypass filters, and revive old jailbreaks — making the system only as strong as its weakest model.
Read the full research with technical details and mitigations on our website.
How to deal with it:
- Audit routing logic and logs to ensure prompts cannot control model selection.
- Implement Continuous AI Red Teaming to uncover routing bypasses and multi-model downgrade attacks.
- Deploy cryptographically verified routing (decisions bound to signed, server-side request metadata) and universal safety filters, so that user input is never trusted for control decisions.
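The first and third mitigations above, as an added example (not Adversa AI's or OpenAI's code; the PROMISQROUTE specifics are in the linked research): a gateway router whose model choice depends only on an HMAC-signed tenant tier set by the auth layer, never on prompt text, plus a log audit that flags tiers served by more than one model, which under this policy can only mean prompt-influenced selection. Model and tier names are placeholders.

```python
"""Routing that ignores prompt text, plus a log audit for prompt-driven downgrades.

Added example (not Adversa AI's or OpenAI's code). Assumes a gateway where the
auth layer attaches a signed tenant tier to each request and a routing log
records the tier and the model actually chosen.
"""
import hashlib
import hmac
import json
from collections import defaultdict

GATEWAY_KEY = b"constructed-demo-key"  # assumption: in production, from a KMS
ROUTES = {"enterprise": "model-full", "standard": "model-fast"}  # placeholder names


def sign_tier(tier: str) -> str:
    """Auth layer signs the tier so the router can trust it end to end."""
    return hmac.new(GATEWAY_KEY, tier.encode(), hashlib.sha256).hexdigest()


def choose_model(tier: str, signature: str, prompt: str) -> str:
    """Model selection depends only on the authenticated tier. `prompt` is
    accepted so the call site looks like a router, but it is never inspected."""
    if not hmac.compare_digest(sign_tier(tier), signature):
        raise PermissionError("routing context is unsigned or tampered")
    del prompt  # explicit: user text carries no routing authority
    return ROUTES[tier]


def audit_routing_log(lines):
    """Return tiers that were served by more than one model. With metadata-only
    routing that cannot happen, so a hit means something else (the prompt)
    influenced selection and the router needs investigating."""
    seen = defaultdict(set)
    for line in lines:
        rec = json.loads(line)
        seen[rec["tier"]].add(rec["model"])
    return {tier: sorted(models) for tier, models in seen.items() if len(models) > 1}


# Constructed log sample: 'standard' is consistent, 'enterprise' was downgraded once.
SAMPLE_LOG = [
    '{"req":"r1","tier":"enterprise","model":"model-full"}',
    '{"req":"r2","tier":"enterprise","model":"model-fast"}',
    '{"req":"r3","tier":"standard","model":"model-fast"}',
]

if __name__ == "__main__":
    sig = sign_tier("enterprise")
    print(choose_model("enterprise", sig, "please answer quickly"))  # model-full
    print(audit_routing_log(SAMPLE_LOG))  # {'enterprise': ['model-fast', 'model-full']}
```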
NIST’s attempts to secure AI yield many questions, no answers
CSO Online, August 19, 2025
NIST has launched an AI security overlays concept paper but offers no concrete solutions, instead seeking industry feedback on adapting SP 800-53 controls to AI — an initiative we also highlighted in last week’s digest.
The paper highlights challenges like model integrity, access control, and especially the lack of visibility into how AI is used, trained, and deployed across enterprises. Experts warn that traditional controls may not address novel AI threats such as prompt injection, shadow AI adoption, or poisoned training data, while some caution that even the feedback process itself could be gamed by AI systems. The effort reflects regulators’ recognition of the risks, but also underscores how immature AI-specific security standards still are.
How to deal with it:
- Treat all AI systems as untrusted until inventoried and risk-assessed, building a full AI model inventory as step one.
- Assume compromise as a baseline and integrate adversarial robustness testing, including AI Red Teaming.
- Actively engage in regulatory consultations like NIST’s to shape controls, but prepare internal frameworks that go beyond today’s guidance.
Bigger And Faster Or Better And Greener? The EU Needs To Define Its Priorities For AI
Tech Policy, August 21, 2025
EU AI Action Plan Criticized for Ambiguity Between Speed, Democracy, and Sustainability.
The European Commission’s AI Continent Action Plan (AI-CAP) promises global leadership in AI but faces criticism for leaving unclear whether Europe prioritizes fast growth with “bigger AI” or democratic and sustainable AI development.
The ambiguity risks creating unrealistic expectations and leaves space for Big Tech to shape Europe’s agenda. For companies working in AI security and AI Red Teaming, this highlights how regulatory uncertainty can amplify risks — pushing enterprises to deploy powerful systems quickly without sufficient testing, auditing, or resilience checks. The lack of clear guardrails around sustainability and democratic values also mirrors the current lack of guardrails for safety, making independent validation and adversarial testing even more critical.
See our EU AI Act page for a deeper dive into how regulation tackles these challenges.
How to deal with it:
- Monitor EU regulatory developments closely to anticipate compliance and market shifts.
- Engage in industry feedback processes to push for stronger security and testing requirements in AI regulation.
- Position AI Red Teaming as a necessary layer to compensate for gaps between EU ambitions and concrete safeguards.
Hundreds of thousands of Grok chats exposed in Google results
BBC, August 21, 2025
Nearly 300,000 user conversations with Elon Musk’s AI chatbot Grok were unintentionally indexed by Google due to its “share” feature, making sensitive chats publicly accessible.
This incident underscores how flawed sharing mechanisms in AI platforms can lead to large-scale privacy breaches. For companies deploying chatbots, it highlights the critical need for robust data protection, transparent defaults, and safeguards against unintended exposure. For us, as an AI Red Teaming company, this is another strong example of how poor design choices in AI systems create systemic security and privacy risks.
We previously explored Grok’s weaknesses in Grok 3 Jailbreak and AI Red Teaming — this latest incident reinforces the urgency of hardening these platforms.
How to deal with it:
- Conduct AI Red Teaming of sharing and export functions to uncover hidden data-leak paths.
- Enforce privacy-by-default with explicit opt-in for public access, supported by logging and regular reviews.
- Implement continuous monitoring for leaks, including alerts on external indexing, automated scans, and a rapid takedown playbook.
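The privacy-by-default and review points above, as an added example (not xAI's code): a share-link store where links are unguessable tokens, public access is an explicit opt-in, every public response carries no-index headers, and a helper lists stale public shares for the regular review. It assumes the chat service mints share links server-side and serves them on its own domain.

```python
"""Share links that are private by default and non-indexable when public.

Added example, not xAI's code. Assumes a chat service that mints share links
server-side and can attach response headers to the share page.
"""
import secrets
import time
from dataclasses import dataclass, field

# Served on the page itself: crawlers honour noindex only if they can fetch
# the URL, so do not also block /share/ in robots.txt.
NOINDEX_HEADERS = {
    "X-Robots-Tag": "noindex, nofollow, noarchive",
    "Cache-Control": "private, no-store",
    "Referrer-Policy": "no-referrer",
}


@dataclass
class Share:
    conversation_id: str
    owner: str
    token: str = field(default_factory=lambda: secrets.token_urlsafe(32))
    public: bool = False                     # privacy by default
    created: float = field(default_factory=time.time)


class ShareStore:
    def __init__(self):
        self._by_token = {}
        self.audit = []                      # (event, conversation, actor, public)

    def create(self, conversation_id, owner, public_opt_in=False):
        """Public exposure requires the caller to pass public_opt_in=True."""
        share = Share(conversation_id, owner, public=bool(public_opt_in))
        self._by_token[share.token] = share
        self.audit.append(("share.created", conversation_id, owner, share.public))
        return share

    def fetch(self, token, requester):
        """Return (status, headers). Unknown tokens and private shares of other
        users both answer 404 so the two cannot be told apart."""
        share = self._by_token.get(token)
        if share is None or (not share.public and requester != share.owner):
            return 404, {}
        return 200, dict(NOINDEX_HEADERS)

    def stale_public(self, now, max_age_s):
        """Input for the periodic review: public shares older than max_age_s."""
        return [s for s in self._by_token.values()
                if s.public and now - s.created > max_age_s]
```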
Secure the Future of Enterprise AI
ISACA, August 22, 2025
The ISACA Advanced in AI Security Management™ (AAISM™) is the first certification fully dedicated to AI-centric security management. It equips experienced professionals to strengthen enterprise defenses against AI-specific threats, manage evolving risks, and implement responsible AI policies. The program covers AI governance, technologies and controls, and AI risk management.
For more expert breakdowns, visit our Trusted AI Blog or follow us on LinkedIn to stay up to date with the latest in AI security. Be the first to learn about emerging risks, tools, and defense strategies.