{"id":27014,"date":"2025-11-20T16:57:56","date_gmt":"2025-11-20T16:57:56","guid":{"rendered":"http:\/\/localhost\/?p=27014"},"modified":"2025-11-20T16:57:56","modified_gmt":"2025-11-20T16:57:56","slug":"genai-harness-the-power-eliminate-the-risk-a-practical-playbook-for-securing-ai-from-day-one","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=27014","title":{"rendered":"GenAI: Harness the Power, Eliminate the Risk \u2014 A Practical Playbook for Securing AI from Day One_QUALYSBLOG:1CC65DB5EB030D4348AD4B8E11F38E35"},"content":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2025-11-20T22:05:13&#8243;,&#8221;description&#8221;:&#8221;Enterprises everywhere are racing to leverage AI to gain sharper insights, automate workflows, and deliver richer customer experiences. Based on an assessment conducted by Bain \\u0026 Company, generative AI adoption is soaring, with 95% of US companies using it, up 12 percentage points in just a year. Similarly, an EY survey found that 48% of tech executives are already adopting or fully deploying agentic AI. But as they say, with great power comes a greater attack surface \u2014 one that learns, executes, and sometimes misbehaves. As AI adoption accelerates, so do the risks. For example, nearly 99% of AI-related vulnerabilities are tied to API flaws and 89% of AI-powered APIs lack secure authentication.\\n\\nThe AI boom is fueled by record-high enterprise adoption, and the rapid rise of agentic AI has collided with an explosion of operational security and compliance risk. As AI capabilities become deeply embedded across cloud platforms, applications, DevOps pipelines, and even the tools that secure them, organizations now face an attack surface that not only expands but thinks, adapts, and occasionally acts out. 
This is why forward-leaning security teams are combining Qualys TotalAI with TotalCloud and TotalAppSec to unify AI safety testing, AI vulnerability detection, cloud and container posture security, application security, API security, and risk prioritization into a single, contextual picture. With accelerated AI adoption, only a unified approach can help organizations harness the capabilities while eliminating the dangers.\\n\\n* * *\\n\\n## Threat Landscape\\n\\nRecent industry headlines reveal just how risky the AI attack surface can be for organizations:\\n\\n  1. NYC\u2019s AI Chatbot encouraged business owners to break the law\\n  2. A major international airline had to pay damages for misinformation provided by its chatbot\\n  3. The Chicago Sun-Times and the Philadelphia Inquirer got some bad press for mistakenly publishing a fake summer reading list\\n  4. ChatGPT, when asked to find legal precedent, hallucinated court cases\\n\\n\\n\\nThese incidents show how easily AI systems can expose organizations to legal, safety, compliance, and reputational damage through harmful, illegal, misleading, or fabricated outputs. As enterprises deploy AI faster across cloud and application ecosystems, the potential blast radius widens dramatically. This can also lead to potential lawsuits, regulatory scrutiny, and public backlash.\\n\\nTo understand the issue holistically, let\u2019s look at Generative and Agentic AI more closely.\\n\\n## Generative AI workflow and risk lifecycle\\n\\nGenAI is a subfield of AI that uses generative models to produce text, code, audio, video, or other forms of data.
The GenAI workflow involves the following steps, each of which introduces associated risks.\\n\\n  * **Data collection and curation:** Data that is collected and curated may be malicious, poisoned, or sensitive.\\n  * **Training and fine-tuning:** The base model may be vulnerable. Malicious, poisoned, or sensitive data may create problems in the training or fine-tuning phase.\\n  * **Evaluation and testing:** Evaluation tools may be compromised. The model may inadvertently leak sensitive data. Models may be vulnerable to extraction and integrity attacks.\\n  * **Deployment, inference:** The deployment stack may be vulnerable. The model may be vulnerable to DoS attacks.\\n  * **User interaction:** The user is untrusted, and their prompts may be unsafe.\\n  * **Feedback and iteration:** User feedback may be malicious, compromised, poisoned, or sensitive.\\n\\n\\n\\nEach of these stages intersects with cloud environments, repositories, pipelines, and external systems, making integrated cloud security visibility essential. This is where combining TotalAI with TotalCloud gives organizations an end-to-end view across both the AI and cloud workflow.\\n\\n![](https:\/\/ik.imagekit.io\/qualys\/wp-content\/uploads\/2025\/11\/image-9-1070&#215;253.png)Fig 1\\n\\n## Agentic AI workflow and risk lifecycle\\n\\n![](https:\/\/ik.imagekit.io\/qualys\/wp-content\/uploads\/2025\/11\/Fig2-1-1070&#215;1169.jpg)\\n\\n**AI Agent workflow**\\n\\n  1. Agent input = User input + contextual data\\n  2. The model reasons about the agent\u2019s goals and develops a plan\\n  3. The agent interacts with external systems or resources via tools or actions. _(The AI agent, as an MCP client, queries the MCP server for available tools and data)_\\n  4. Memory retains context across interactions and stores learned user preferences\\n  5. The agent\u2019s output is displayed within the user\u2019s application interface\\n\\n\\n\\n**Risks Involved**\\n\\n  1.
Untrusted user input or external content may lead to prompt injection attacks\\n  2. Iterative planning may cause logic errors, intent drift, or malicious hijacking\\n  3. Uncontrolled tool access can enable harmful actions if planning is compromised; tools themselves may also be rogue or insecure, or may leak sensitive data.\\n  4. Malicious data stored in memory can become a vector for persistent attacks\\n  5. Unsanitized agent output may cause XSS or data exfiltration vulnerabilities.\\n\\n\\n\\nAs you can see, there are many points of security failure in the AI workflows described above. Even if you start with a safe base model, you may introduce vulnerabilities during fine-tuning, training, evaluation, deployment, and inference. Also, most of the weaknesses become visible when users start interacting with the model or the agent. That is why AI risks must not be assessed in isolation.\\n\\nWhen agents act across cloud resources, the security stakes increase. Pairing TotalAI with TotalCloud enables detection of risky agent behaviors, insecure tool chains, and unsafe agent actions within cloud and container environments.\\n\\n## Why AI Risks Cannot Be Assessed in Isolation\\n\\nAI risks must never be evaluated in isolation because modern AI systems operate across interconnected application, infrastructure, identity, and cloud stacks. Even a well-aligned LLM can become high risk if deployed on misconfigured cloud infrastructure, insecure APIs, or vulnerable dependent services. Toxic combinations across data pipelines, orchestration layers, and agentic actions magnify the overall risk posture.\\n\\nTogether, toxic combinations may multiply risks. For example, even if an LLM is well-aligned and protected against prompt exploitation, it may still be deployed on vulnerable infrastructure, or have insecure APIs or misconfigured data stores, making it possible for attackers to steal models, training data, or system secrets.
Similarly, AI threats are not limited to inference endpoints\u2014AI is increasingly embedded across applications, APIs, agents, data pipelines, and orchestration layers. Understanding AI exposure requires correlating these components to accurately assess the blast radius of a compromise and determine how an exploited weakness in one layer can cascade into system-wide business impact.\\n\\n## Meet Qualys TotalAI \u2014 powering AI risk management in Qualys Enterprise TruRisk Platform\\n\\nA holistic risk assessment must therefore consider not only model behavior and prompt safety, but also the full stack that enables the AI system to operate. This includes software dependencies, identity and access controls, network posture, security controls, and the sensitivity and governance of underlying data. That is why Qualys TotalAI is integrated into the Qualys Enterprise TruRisk Platform\u2014to bring AI security into the same risk model used for applications, infrastructure, and cloud services, and to set organizations up to implement their own Risk Operations Center (ROC). By correlating AI risks with the surrounding environment, organizations can prioritize remediation more intelligently, understand real operational exposure, and manage AI adoption with confidence and measurable risk reduction.
When paired with Qualys TotalCloud and TotalAppSec, teams gain correlated context across cloud misconfigurations, identity exposures, AI and API vulnerabilities, and model safety issues, all prioritized through TruRisk.\\n\\nTotalAI powers the AI risk management capabilities of the Qualys platform, with unified visibility, risk assessment, and response across:\\n\\n  * LLMs and model artifacts\\n  * AI workloads and MCP servers\\n  * AI agents (on the roadmap)\\n  * AI software packages, frameworks, and GPUs\\n  * AI-specific vulnerabilities (1,000+ detections)\\n\\n\\n\\nUnlike other solutions, which require new sensors and deployments, Qualys customers get AI Scanning out of the box with their existing Cloud Agents and Scanners &#8211; enabling instant LLM discovery and scanning. When combined with TotalCloud\u2019s container, cloud, and serverless visibility, organizations get a complete AI-to-cloud risk picture in a single platform.\\n\\n## Key TotalAI capabilities\\n\\n![](https:\/\/ik.imagekit.io\/qualys\/wp-content\/uploads\/2025\/11\/Screenshot-2025-11-20-at-11.47.09-AM-scaled.png)Fig 3\\n\\n### 1) Full inventory of AI assets\\n\\nAutomatically discover models, AI workloads, MCP Servers, AI Software Packages, GPUs, and AI infrastructure across multi-cloud environments, including AWS Bedrock\/SageMaker, Azure OpenAI, Google Vertex, Hugging Face, and any on-premises model.\\n\\n### 2) Security + Safety testing of models\\n\\nTotalAI assesses models for bias and safety (toxicity, harassment, hate speech, discriminatory behavior), factual inconsistencies, illegal activities, and the security vulnerabilities (such as prompt injection and jailbreak vectors) outlined in the \u201cOWASP Top 10 for LLM\u201d, to check whether models can be coaxed into leaking data or giving risky, illegal, biased, or problematic responses.\\n\\n### 3) AI-specific vulnerability detection\\n\\nTotalAI includes an AI-tailored vulnerability catalog (1,000+ AI-specific vulnerability detections) that is correlated with threat
intelligence to produce meaningful remediation priorities via TruRisk.\\n\\n### 4) Unified reporting \\u0026 executive-ready narratives\\n\\nGenerate categorized, context-rich LLM security reports for stakeholders \u2014 making it easier to summarize risks, remediation status, and compliance posture to executives and auditors. TotalAI findings map to OWASP Top 10 for LLMs, MITRE ATLAS (threat techniques for AI), and compliance requirements (GDPR, PCI, and EU AI Act). This alignment helps security and compliance teams translate technical issues into regulatory and business risk.\\n\\n## Practical checklist to be ROC-ready\\n\\n  1. **Inventory** : Run an auto-discovery across cloud and on-prem to enumerate models, agents, and GPUs.\\n  2. **Baseline** : Run AI-specific vulnerability scans and model safety tests.\\n  3. **Prioritize** : Use TruRisk or an equivalent to map technical findings to business impact.\\n  4. **Remediate** : Patch infrastructure, rotate keys, fix prompt design, revoke access to exposed models.\\n  5. **Monitor** : Continuously test for prompt injection, data leakage, and anomalous model behavior.\\n  6. **Report** : Produce regular executive-ready reports mapped to relevant regulatory requirements.\\n  7. 
**Govern** : Create policies for acceptable use of AI\/LLM technologies and data hygiene.\\n\\n\\n\\nWith TotalAI, TotalAppSec, and TotalCloud working together, organizations can automate nearly all of these steps to correlate AI and cloud risks for more accurate prioritization and faster remediation.\\n\\n## Implementation tips\\n\\n  * **Don\u2019t rely on manual inventory** \u2014 agentic AI and third-party models proliferate quickly.\\n  * **Treat model artifacts as crown jewels** \u2014 back them up, control access, and ensure provenance.\\n  * **Test for both safety and security** \u2014 safety (bias\/toxicity) and security (injection, exfiltration) are distinct but overlapping concerns.\\n  * **Map remediation to business context** \u2014 fix high-business-impact risks first, not just high-severity CVEs without context.\\n  * **Prepare for regulation** \u2014 the EU AI Act and similar rules will expect documented risk management for high-risk models.\\n\\n\\n\\nIntegrating TotalCloud ensures these controls extend into the cloud infrastructure where most AI systems ultimately operate.\\n\\n## Secure innovation is possible \u2014 but it\u2019s active work\\n\\nGenerative AI unlocks enormous value but creates new attack surfaces that require an evolution of security practice. Establish a Risk Operations Center (ROC), get complete visibility of AI assets, perform both safety and security testing, correlate vulnerabilities to real threats, and make remediation and reporting operational. Qualys TotalAI, combined with Qualys TotalCloud, brings full-spectrum AI, LLM, cloud, and container risk into a single unified platform to deliver correlated insights, prioritized remediation, and continuous monitoring, powered by the TruRisk engine.
With this integrated approach, organizations can accelerate AI adoption confidently and securely from day one.\\n\\n* * *\\n\\n## Contributors\\n\\n  * Balaji Venkatesan, Senior Director of Engineering, Data Platform, Qualys&#8221;,&#8221;published&#8221;:&#8221;2025-11-20T21:36:10&#8243;,&#8221;modified&#8221;:&#8221;2025-11-20T21:36:10&#8243;,&#8221;type&#8221;:&#8221;qualysblog&#8221;,&#8221;title&#8221;:&#8221;GenAI: Harness the Power, Eliminate the Risk \u2014 A Practical Playbook for Securing AI from Day One&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;QUALYSBLOG:1CC65DB5EB030D4348AD4B8E11F38E35&#8243;,&#8221;bulletinFamily&#8221;:&#8221;blog&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[],&#8221;sourceData&#8221;:&#8221;&#8221;,&#8221;sourceHref&#8221;:&#8221;&#8221;,&#8221;cvss&#8221;:{&#8220;score&#8221;:0,&#8221;severity&#8221;:&#8221;NONE&#8221;,&#8221;vector&#8221;:&#8221;NONE&#8221;,&#8221;version&#8221;:&#8221;NONE&#8221;},&#8221;cvss2&#8243;:{},&#8221;cvss3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;,&#8221;cvssV3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;}},&#8221;href&#8221;:&#8221;https:\/\/blog.qualys.com\/category\/product-tech&#8221;,&#8221;category_name&#8221;:&#8221;News&#8221;,&#8221;post_link&#8221;:&#8221;&#8221;,&#8221;product&#8221;:&#8221;&#8221;,&#8221;version&#8221;:&#8221;&#8221;,&#8221;vendor&#8221;:&#8221;&#8221;,&#8221;ai_description&#8221;:&#8221;&#8221;,&#8221;ai_severity&#8221;:&#8221;&#8221;,&#8221;ai_vendor&#8221;:&#8221;&#8221;,&#8221;ai_product&#8221;:&#8221;&#8221;,&#8221;ai_version&#8221;:&#8221;&#8221;,&#8221;ai_score&#8221;:0}<\/p>\n","protected":false},"excerpt":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2025-11-20T22:05:13&#8243;,&#8221;description&#8221;:&#8221;Enterprises everywhere are racing to leverage AI to gain sharper insights, automate workflows, and deliver richer customer experiences. Based on an assessment conducted by Bain&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,120,7,11,5],"class_list":["post-27014","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-qualysblog","tag-security","tag-tapic","tag-vulnerability"]}