While there's no shortage of advice on safeguarding Artificial Intelligence (AI) applications from a vast array of new threats, much of it still remains theoretical.
In this blog post, we'll share practical insights based on our real-world experiences defending customers' AI apps from emerging adversarial techniques, such as prompt injection and denial of wallet (DoW) attacks. Following the advice in this post can save you hundreds of thousands of dollars and protect your applications from all kinds of abuse at scale.
Challenges with Defending AI Apps from Growing Security Threats
The adoption of generative AI has unlocked immense potential for organizations across various industries. Large Language Models (LLMs) and AI-based text-to-image technologies are seeing rapid adoption, enabling the creation of features and applications no one thought possible only years ago. However, as the demand for AI surges, so do the risks associated with malicious automated threats and bot attacks.
High Costs: Using AI models – whether through third-party services like OpenAI or self-hosted infrastructure – can incur significant expenses. Invoking AI APIs is expensive compared to other commonly used compute primitives.
Relatively New Attack Surface: Many companies offer free or unauthenticated access to AI models, such as sandboxes or chatbots, creating vulnerabilities ripe for exploitation.
Understanding Security Threats to AI Models
As part of the Open Web Application Security Project (OWASP)'s Top 10 List of Risks to Large Language Models (LLMs) Applications, OWASP has outlined the different types of threats to AI in their AI Threat Map below.



