CISOOnline

Pen tests show AI security flaws far more severe than legacy software bugs

LLM vulnerabilities also have the lowest resolution rate of all app types pen-tested, with just 38% of high-risk issues fixed, according to data collected during pen tests conducted by Cobalt.

Furthermore, one in five organizations surveyed by Cobalt reported experiencing an LLM security incident in the past year, with a further 18% “unsure” and 19% preferring not to answer.

Third-party security experts quizzed by CSO say Cobalt’s findings align with what they’ve seen on the ground.

“AI systems are being rolled out quickly, but often without the same mature security controls, testing discipline, and governance applied to conventional enterprise software,” says Benny Lakunishok, CEO and co-founder of Zero Networks. “That naturally increases the share of serious findings.”


