LLMs Under Attack: Known Vulnerabilities and Responsibilities Yet to Be Defined

 LLM Adoption Accelerates, but Who is Liable for Vulnerabilities? The Shared Responsibility Model for Secure Innovation. Insights from Sergio Ajani, Service & Solutions Design Director at Innovaway

Every day, thousands of companies entrust decisions, critical data, and operational processes to Large Language Models (LLMs). The urgency to innovate and maintain a competitive edge drives organizations to adopt this extraordinary technology, often underestimating a crucial factor: LLMs represent an unprecedented and rapidly evolving attack surface.

ISTAT data from 2025 confirms this trend: 16.4% of Italian companies with at least 10 employees have already integrated Generative AI solutions—a figure that has tripled compared to 2023. This acceleration, however, is outpacing governance-related:, leading to adoption without a mature risk assessment.

The Risk Perimeter: A Review of Vulnerabilities

For C-level executives and IT Managers, tackling the security bottleneck means first understanding that LLM vulnerabilities are not simple implementation flaws, but critical issues distributed across the entire system lifecycle.

• Training Phase and RAG Architectures: The primary risk is Data PoisoningPolluting datasets with unverified sources alters the model's behavior at its core. In Retrieval-Augmented Generation (RAG) architectures, this is compounded by the need for rigorous temporal governance-related: : keeping the knowledge base updated and monitored is a critical activity that cannot be automated or delegated to the model itself.
• Production and Usage Phase: The predominant threat is Prompt Injection, ranked first (LLM01:2025) in the OWASP Top 10 for AI application security. Malicious inputs can bypass system instructions, forcing the disclosure of sensitive data or anomalous outputs. 2025 industry studies confirm that, in the absence of layered protective filters, these techniques achieve a success rate of over 85%.
• The Era of AI Agents: With the integration of LLMs into operational tools (AI Agents), an erroneous or manipulated response translates into an erroneous action. The damage evolves: moving from purely informational to a direct operational impact on business processes.

These vulnerabilities stem from structural gaps along the value chain (design, integration, and updates), paving the way for the most insidious problem: the fragmentation of responsibility.

The Dispersion of Responsibility

 In the event of an LLM-related security incident, the real challenge is not technical, but legal and governance-related:: who is liable?

Currently, the answer is opaque. Decisions are made by different actors (Vendors, System Integrators, Customers) with misaligned levels of awareness. The inherently probabilistic output of LLMs and the extreme speed of adoption have led companies to integrate these systems into critical processes even before defining a shared risk framework. When the perimeter is breached, the tendency is to pass the buck to other links in the chain.

The Three Non-Delegable Levels of Security

To ensure corporate reliability, it is imperative to eliminate ambiguity through a precise mapping of responsibilities. There are three fundamental levels whose obligations cannot be transferred:

• The Model Vendor: They have the obligation to ensure that the base system is resilient against jailbreak or prompt injection attempts aimed at compromising information security. Competitive pressures do not justify releasing inherently vulnerable models.
• The System Integrator: As the technology partner, they hold responsibility for designing and securing the entire infrastructure. This includes data encryption, security model configuration, RAG architecture, and the segregation of access environments. The system's exposure level directly depends on the designed architecture.
• The Customer (Company): They act in a dual role. As the Data Controller, they are responsible for classifying the data and information fed into the system. As the Client, they own the ongoing governance-related: f the pipeline. No vendor knows the context and specificities of the business better than the organization itself; delegating this oversight to AI or third parties constitutes an unacceptable risk.

The Necessary Paradigm: Shared Responsibility

The transition to the Cloud faced similar challenges, which were resolved by adopting the Shared Responsibilitymodel, clarifying duties for every layer of the technology stack.

For Generative Artificial Intelligence, this framework is still missing, but building it is the top priority for the ICT sector. This is not merely a technical issue, but a strategic governance-related: challenge. Management must understand the implications of LLM adoption and the dangers of Shadow AI, aligning with Vendors and System Integrators to actively monitor every phase.

The true competitive advantage lies not in the simple adoption of LLMs, but in their implementation through a clear and structured responsibility model. Innovation allows no compromises on security: ignoring this urgency means exposing oneself to devastating costs—not only technical, but economic and reputational—at the very first, inevitable incident.

Click here to read the full interview with Sergio Ajani