Artificial intelligence (AI) systems are facing new security risks as attackers find ways to bypass safeguards, poison data, and extract sensitive information, according to a new report from cybersecurity company Trend Micro.
The Trend Micro study, revealed during the annual security conference Decode 2025, warns that organizations using AI could face data theft, misinformation, financial losses, and reputational harm if these threats are not addressed.
The Trend Micro report also sheds light on the evolving cybercriminal underground, where Russian-, Spanish-, and English-speaking communities are refining tactics ranging from ransomware and phishing to stolen data marketplaces. Trend Micro noted that these networks continue to adapt to global trends and law enforcement crackdowns, with some shifting to more secure and decentralized platforms.
“Addressing these risks requires a combination of robust technical controls, continuous monitoring, and ongoing security assessments,” said Morton Swimmer, principal researcher at Trend Micro.
The report details how attackers exploit large language models (LLMs) and agentic AI systems through methods such as jailbreaks, data poisoning, and tool manipulation.
The identified threats include jailbreak attacks, in which adversaries trick an AI into bypassing its safety measures; indirect and multimodal prompt injections, which embed hidden instructions in text, images, or other media; model poisoning, in which false data corrupts the model’s knowledge base; and data and model exfiltration, the theft of confidential information or of the model itself.
For agentic AI, which can autonomously use external tools and data, new risks include tool subversion, malicious tool integration, and prompt injection through external systems. These can undermine trust in AI outputs, disrupt operations, or lead to unauthorized actions.
In its review of the cybercriminal underground, the report notes how each community specializes as it adapts its tactics: Russian-speaking forums focus on ransomware, Spanish-speaking networks on monetizing stolen data, and English-speaking platforms act as intermediaries.
Trend Micro warns that as cybercriminals adopt more advanced tools, there may be closer ties to state-backed operations and a shift toward decentralized platforms to evade law enforcement.