Alright, so this AI reasoning stuff, it’s a problem, a big problem, and it’s getting worse, like, way worse. We thought these large language models, these LLMs, were just going to be super smart and helpful, and they are, they can do so many tasks, so many things, but that very capability, that step-by-step thinking, that reasoning process, it’s a massive security hole. It’s a vulnerability. New research, like from Palo Alto Networks’ Unit 42 team, they used automated testing tools and those tools achieved a near-perfect 99% success rate, a 99% success rate, in bypassing security controls on several premier architectures. Even the really large models, the ones with over 70 billion parameters, they were highly susceptible, very susceptible.

Their complexity, it actually made them more vulnerable, more of a surface area for logic-based manipulation, so bigger doesn’t mean safer, not at all, it’s the opposite. IBM’s 2026 research, they have this Correlated Knowledge Attack model, and that thing, it achieves a 95% bypass rate, 95%, by using harmless prompt weaving. It breaks down a dangerous instruction into tiny, innocent-looking sub-queries, and those queries, they just pass right through filters, but then they assemble into a dangerous output, a dangerous output, once generated. It’s sneaky, very sneaky. A University of Calabria study, published late 2025, found that 94% of state-of-the-art LLMs, 94% of them, are vulnerable to exploitation. That’s almost all of them, almost every single one.

And HackerOne’s 2025 Hacker-Powered Security Report, it documented a 540% surge, a 540% surge, in valid prompt injection reports year-over-year. The attacks are happening, and they are increasing, and they are increasing fast. We’ve seen real-world examples, like, you know, Samsung employees, they accidentally leaked confidential information, sensitive code, by pasting it into ChatGPT for review in 2023. That’s not even a malicious attack, that’s just normal use, and boom, data gone. There was also a Chevrolet dealership’s AI chatbot, it got manipulated into offering a $76,000 Tahoe for just $1.

A single dollar. That’s a huge financial risk, a huge financial risk. The NVIDIA AI Red Team, they identified a new type of attack, multimodal cognitive attacks, and these attacks, they target the model’s problem-solving processes, not just the input or output vulnerabilities. It’s about weaponizing the model’s instinct to solve problems, turning inference computations into execution paths, and that’s a whole new level of bad. The Gemini 2.5 Pro model, for example, it was susceptible to a sliding puzzle attack, and that attack bypassed traditional input filtering mechanisms.

It’s not just text, it’s images, it’s audio, it’s everything. And then there’s the Gemini CLI, a critical Remote Code Execution vulnerability, GHSA-wpqr-6v78-jr5g, with a CVSS score of 10.0, was found in it. A 10.0, that’s as bad as it gets, allowing full control over the system executing the tool, a critical supply-chain security threat. What are we even doing?These models, they can be forced into logical loops, like with paradoxical questions, and that’s a denial-of-service attack, a DoS attack. They get stuck, they waste resources, they can’t reach a conclusion.

Or you give them a false assumption, like “explain scientifically why 1+1=4,” and they’ll try to justify it, leading to extended, nonsensical reasoning chains, just burning up resources. The issue is that current defenses, they’re not enough, they’re not built for this. Traditional security tools, they don’t parse natural language inside an HTTPS tunnel, they don’t understand semantic intent. The tools we have, they were designed for a different threat model, a totally different threat model. We need defenses built directly into the surrounding software architecture, not just in the prompt box. I mean, I bought some NVDA stock on July 31, 2024, at $117.50, thinking AI would just keep going up and up, and it has, but these security issues… it makes you wonder, doesn’t it?

I’m planning to sell if it drops below $180, because the volatility, it’s just too much, too much risk, and these AI security problems, they add to that risk, they really do. It’s not just about prompt injection anymore, it’s about data poisoning, it’s about adversarial attacks, it’s about model inversion, stealing training data, and model theft, copying proprietary AI. It’s about supply chain poisoning, compromising AI infrastructure, and AI-enhanced social engineering, deepfakes, all of it. The attackers, they have access to these incredible tools, and they are using them to find vulnerabilities faster and in greater numbers than ever before. It’s changing the cybersecurity threat landscape at a speed and scale beyond human capability.