Contact Us

Browse all AI models, governance frameworks, risk data and adoption statistics on CyberSanso — free, independent, updated regularly.

AI Risks and Limitations Explained: What Can Actually Go Wrong

Deploying an AI system without understanding its failure modes is equivalent to running software without understanding its security vulnerabilities. The harms are real, the attack surface is new, and most conventional security and quality playbooks do not transfer cleanly.

CyberSanso tracks these risks the same way we track cybersecurity vulnerabilities: with concrete descriptions, real examples, current statistics, and practical guidance for reducing exposure. The risks below are organized by category — their severity depends heavily on context. A hallucination in a marketing draft is an embarrassment; a hallucination in a clinical decision-support system is a patient safety incident.

The current risk picture is significant: 73% of AI systems assessed in 2026 security audits showed exposure to prompt injection vulnerabilities, with attack success rates of 50-84% depending on model configuration (SQ Magazine, 2026). 71% of enterprises cite data privacy and security as their top barrier to broader AI deployment (Deloitte). Understanding what can go wrong is the precondition for deploying AI responsibly.

Prompt Injection: The #1 AI Security Risk in 2026

Prompt injection is ranked #1 in the OWASP Top 10 for LLM Applications (2025) — the most critical security risk for AI systems accepting untrusted input. It occurs when malicious instructions embedded in an AI system’s input cause the model to ignore its original instructions and execute the attacker’s commands instead.

Direct injection: The attacker inputs malicious instructions directly into the prompt field. Indirect injection: Malicious instructions are embedded in content the AI processes — a document, webpage, email, or database record. When the AI reads that content, it executes the hidden instructions. Indirect injection now accounts for over 55% of attacks and has 20-30% higher success rates because the malicious instructions appear to come from trusted sources.

2026 statistics: 73% of AI systems show prompt injection exposure. Attack success rates: 50-84% standard; over 85% for adaptive techniques. Multi-hop indirect attacks rose 70%+ year-over-year. CrowdStrike documented prompt injection attacks against 90+ organizations. Real examples: CVE-2025-53773 (GitHub Copilot RCE via pull-request description injection, CVSS 9.6) and EchoLeak (Microsoft 365 Copilot data exfiltration via zero-click indirect injection).

Defense: No single mitigation fully prevents prompt injection. Effective defense requires layering — input validation, privilege-minimal agent design (limiting what the model can action even if manipulated), output monitoring, and an “assume breach” architecture limiting what a successfully injected model can do. Defense-in-depth frameworks can reduce prompt injection success rates from 73.2% to 8.7% in controlled conditions when implemented properly.

AI Hallucinations, Bias, and Other Key Risks

AI Hallucinations: An LLM generates a confident, plausible-sounding response that is factually incorrect. LLMs predict statistically likely next tokens — they do not retrieve verified facts. At the edges of training knowledge, models fill gaps with fluent but fabricated content. In clinical settings, a comprehensive evaluation framework measured a 1.47% hallucination rate — sounds low until you consider patient-scale impact. Legal professionals have faced court sanctions for submitting AI-generated briefs with fabricated case citations.

The most effective mitigation is Retrieval-Augmented Generation (RAG) — connecting the model to a verified document repository at inference time. Stanford research found combining RAG, RLHF, and guardrails reduced hallucinations by up to 96% compared to baseline models in controlled testing.

AI Bias: Systematic discriminatory patterns in AI outputs reflecting historical biases in training data. High-stakes domains: hiring (algorithm screening candidates based on demographic proxies), credit scoring (discriminatory lending outputs), healthcare (diagnostic accuracy gaps). The EU AI Act categorizes AI in employment, credit, and law enforcement as high-risk specifically because of documented bias risks in these domains.

Shadow AI: Employees using personal AI accounts for work tasks may inadvertently send sensitive company data to third-party AI providers under personal terms of service with no enterprise data protection. The primary mitigation: clear AI usage policy combined with approved, enterprise-contracted AI tooling that provides usage visibility and appropriate contractual protections.

Suspendisse ut ultricies augue. Sed at leo vitae tempus. Quisque a vel nulla vestibulum eleifend at id augue. Nullam volutpat justo eget justo finibus mattis. Nam, massa sit amet euismod fermentum.

Suspendisse ut ultricies augue. Sed at leo vitae tempus. Quisque a vel nulla vestibulum eleifend at id augue. Nullam volutpat justo eget justo finibus mattis. Nam, massa sit amet euismod fermentum.

Suspendisse ut ultricies augue. Sed at leo vitae tempus. Quisque a vel nulla vestibulum eleifend at id augue. Nullam volutpat justo eget justo finibus mattis. Nam, massa sit amet euismod fermentum.

Suspendisse ut ultricies augue. Sed at leo vitae tempus. Quisque a vel nulla vestibulum eleifend at id augue. Nullam volutpat justo eget justo finibus mattis. Nam, massa sit amet euismod fermentum.

Suspendisse ut ultricies augue. Sed at leo vitae tempus. Quisque a vel nulla vestibulum eleifend at id augue. Nullam volutpat justo eget justo finibus mattis. Nam, massa sit amet euismod fermentum.

Suspendisse ut ultricies augue. Sed at leo vitae tempus. Quisque a vel nulla vestibulum eleifend at id augue. Nullam volutpat justo eget justo finibus mattis. Nam, massa sit amet euismod fermentum.