TL;DR

AI-specific attacks are not theoretical. Model theft, prompt injection, and data poisoning are happening now. This post covers the four threat categories every business leader needs to understand, with specific tools, real attack examples, and the governance framework to protect your AI investments.​‌‌​​​​‌‍​‌‌​‌​​‌‍​​‌​‌‌​‌‍​‌‌​‌‌​‌‍​‌‌​‌‌‌‌‍​‌‌​​‌​​‍​‌‌​​‌​‌‍​‌‌​‌‌​​‍​​‌​‌‌​‌‍​‌‌‌​‌​​‍​‌‌​‌​​​‍​‌‌​​‌​‌‍​‌‌​​‌‌​‍​‌‌‌​‌​​‍​​‌​‌‌​‌‍​‌‌​​‌​​‍​‌‌​​​​‌‍​‌‌‌​‌​​‍​‌‌​​​​‌‍​​‌​‌‌​‌‍​‌‌‌​​​​‍​‌‌​‌‌‌‌‍​‌‌​‌​​‌‍​‌‌‌​​‌‌‍​‌‌​‌‌‌‌‍​‌‌​‌‌‌​‍​‌‌​‌​​‌‍​‌‌​‌‌‌​‍​‌‌​​‌‌‌‍​​‌​‌‌​‌‍​‌‌​​​‌​‍​‌‌‌​‌​‌‍​‌‌‌​​‌‌‍​‌‌​‌​​‌‍​‌‌​‌‌‌​‍​‌‌​​‌​‌‍​‌‌‌​​‌‌‍​‌‌‌​​‌‌‍​​‌​‌‌​‌‍​‌‌​‌‌​​‍​‌‌​​‌​‌‍​‌‌​​​​‌‍​‌‌​​‌​​‍​‌‌​​‌​‌‍​‌‌‌​​‌​‍​‌‌‌​​‌‌

The New Threat Landscape

Your organisation just spent $2 million fine-tuning a model on proprietary data. That model is now a piece of intellectual property sitting on a server, accessible through an API, and probably not protected by anything more than a rate limiter. Attackers know this. They are not coming for your databases. They are coming for your models.

Four AI-specific threat categories now sit at the top of every security risk register. Here they are, with what actually happens and what to do about it.​‌‌​​​​‌‍​‌‌​‌​​‌‍​​‌​‌‌​‌‍​‌‌​‌‌​‌‍​‌‌​‌‌‌‌‍​‌‌​​‌​​‍​‌‌​​‌​‌‍​‌‌​‌‌​​‍​​‌​‌‌​‌‍​‌‌‌​‌​​‍​‌‌​‌​​​‍​‌‌​​‌​‌‍​‌‌​​‌‌​‍​‌‌‌​‌​​‍​​‌​‌‌​‌‍​‌‌​​‌​​‍​‌‌​​​​‌‍​‌‌‌​‌​​‍​‌‌​​​​‌‍​​‌​‌‌​‌‍​‌‌‌​​​​‍​‌‌​‌‌‌‌‍​‌‌​‌​​‌‍​‌‌‌​​‌‌‍​‌‌​‌‌‌‌‍​‌‌​‌‌‌​‍​‌‌​‌​​‌‍​‌‌​‌‌‌​‍​‌‌​​‌‌‌‍​​‌​‌‌​‌‍​‌‌​​​‌​‍​‌‌‌

​‌​‌‍​‌‌‌​​‌‌‍​‌‌​‌​​‌‍​‌‌​‌‌‌​‍​‌‌​​‌​‌‍​‌‌‌​​‌‌‍​‌‌‌​​‌‌‍​​‌​‌‌​‌‍​‌‌​‌‌​​‍​‌‌​​‌​‌‍​‌‌​​​​‌‍​‌‌​​‌​​‍​‌‌​​‌​‌‍​‌‌‌​​‌​‍​‌‌‌​​‌‌

1. AI-Powered Phishing and Deepfake Social Engineering

The attack: Criminals are using generative AI to clone voices, generate convincing phishing emails at scale, and impersonate executives on video calls. These are not grainy, laggy fakes from 2023. Current deepfake tools produce real-time video with lip sync accurate enough to fool finance teams.

Real example: In February 2024, a multinational firm in Hong Kong lost $25 million after an employee attended a video call with what appeared to be the CFO and several colleagues. Every participant on the call was a deepfake. The employee authorised the transfer.

The numbers: The FBI's Internet Crime Complaint Center reported that business email compromise losses exceeded $2.9 billion in 2023, with AI-generated content now accelerating the volume and sophistication of these attacks. Deepfake-related fraud incidents grew 3,000% between 2022 and 2024 according to identity verification provider Onfido.

What to do:

  • Implement out-of-band verification for any financial transfer over $10,000. A phone call to a known number, not the one in the email.
  • Deploy deepfake detection tools like Reality Defender or Intel's FakeCatcher for video call verification on sensitive meetings.
  • Train finance and HR teams specifically on AI-generated phishing. Traditional phishing training does not cover generative AI tactics.

2. Prompt Injection and AI Agent Security

The attack: Your company deploys an AI agent that reads emails, summarises documents, or accesses internal systems. An attacker sends a carefully crafted message that overrides the agent's instructions, making it exfiltrate data or execute unauthorised actions.

Real example: In 2024, a researcher demonstrated that simply embedding invisible text in a webpage, white text on a white background, could cause AI assistants reading that page to inject malicious instructions. Multiple production AI agents were shown to be vulnerable to this class of attack. The technique works because the model sees all text equally regardless of rendering.

The numbers: The OWASP Top 10 for LLM Applications lists prompt injection as the number one vulnerability. Indirect prompt injection, where poisoned data sits in documents the AI later retrieves, is listed as a separate entry because the attack surface is entirely different from direct chat injection.

What to do:

  • Never give an AI agent access to systems it does not strictly need. If an agent only needs to read a database, it gets read-only credentials.
  • Implement input and output guardrails using tools like NVIDIA NeMo Guardrails or Guardrails AI. These sit between the model and the world, validating both what comes in and what goes out.
  • Treat every piece of data the agent ingests, emails, web pages, documents, as potentially hostile. Sanitise before the model sees it.

3. Model Theft and Intellectual Property Extraction

The attack: Attackers query your model's API thousands of times and use the responses to train a clone. This is not theoretical. Model extraction attacks have been demonstrated against commercial APIs from OpenAI, Anthropic, and others. The cloned model performs similarly to the original but costs the attacker nothing to own.

Real example: In 2023, researchers extracted a functional clone of a production language model using fewer than $1,000 worth of API queries. The technique, called model stealing via query-based distillation, required no internal access. Just the public API.

The numbers: Training a frontier model costs between $10 million and $100 million. Fine-tuning a specialised model on proprietary data can cost $100,000 to $500,000. An attacker can extract a useful clone for under $5,000 in API costs using systematic querying techniques. The economics of theft heavily favour the attacker.

What to do:

  • Implement query-level monitoring with anomaly detection. A single API key making 10,000 queries in an hour with systematically varying prompts is not a user. It is an extraction attempt.
  • Use response watermarking or fingerprinting where feasible. Tools like model watermarking embed detectable patterns in model outputs that survive distillation.
  • Rate limit aggressively and log every query. If you cannot detect extraction, you cannot stop it.

4. Data Poisoning and Supply Chain Attacks

The attack: Your model is only as good as its training data. Attackers poison public datasets, compromise third-party fine-tuning services, or inject malicious examples that create backdoors in the model's behaviour. When a specific trigger phrase appears, the poisoned model behaves in attacker-controlled ways.

Real example: In 2024, researchers demonstrated that poisoning just 0.01% of a training dataset could create reliable backdoors in image classification models. For language models, poisoning instruction-tuning data with as few as 100 malicious examples created persistent unwanted behaviours that survived subsequent fine-tuning.

The numbers: The cost to poison a moderately popular open dataset, through submitting malicious contributions to public repositories, has been estimated at under $500. The cost to remediate a discovered poisoned model can exceed $100,000 in retraining and validation alone.

What to do:

  • Vet every data source. If you are fine-tuning on scraped web data, you are fine-tuning on attacker-controlled data. Use curated, verified datasets where possible.
  • Implement data provenance tracking. Know where every training example came from and maintain the ability to trace model behaviour back to its source data.
  • Run adversarial validation on training data. Tools like TextFooler and the Adversarial Robustness Toolbox from IBM can help detect poisoning attempts before they reach training.

5. The Governance Framework Businesses Actually Need

The problem: Most organisations have no AI-specific security governance. Their existing infosec policies were written before language models existed. The gap is not theoretical. It is already being exploited.

The framework: The NIST AI Risk Management Framework, released in January 2023 and updated through 2025, provides the most practical starting point. It organises AI risk into four functions: Govern, Map, Measure, and Manage. Pair it with the OWASP Top 10 for LLM Applications for the technical controls.

What a minimum viable AI security program looks like:

  • An inventory of every AI model in the organisation, including shadow AI where employees use unapproved tools. If you do not know it exists, you cannot secure it.
  • A risk assessment for each model covering the four threat categories above. Not a checkbox exercise. Actual assessment by someone who understands the attacks.
  • Technical controls: API rate limiting with anomaly detection, input/output filtering, data provenance tracking, and out-of-band verification for high-risk actions.
  • An incident response plan that covers AI-specific scenarios. If your model is stolen tomorrow, who gets called and what do they do?

The cost reality: A basic AI governance program for a mid-market company, including tooling, assessment, and process implementation, runs $30,000 to $80,000. The average cost of a data breach in Australia, according to IBM's 2024 Cost of a Data Breach report, is $4.2 million. The maths is straightforward.

FAQ

Q: Our company is not building AI models. Do we still need to worry about these threats?

Yes. If your employees use ChatGPT, Copilot, or any AI tool, you face prompt injection and data exfiltration risks. If your executives appear in public videos, they are vulnerable to deepfake cloning. AI security is not just for AI companies. It is for any company whose employees use AI, which is now every company.

Q: How do we know if someone is trying to steal our model through the API?

Monitor query patterns. Extraction attacks look different from normal usage. They involve systematic variation of prompts, high query volumes, and attempts to elicit maximal information from each response. If you see these patterns, investigate immediately.

Q: What is the single most impactful thing we can do this week?

Create an inventory of every AI tool and model in your organisation. Include shadow AI. You cannot protect what you do not know exists. This is a one-day exercise for most companies and it surfaces risks that are invisible to leadership.

Q: Are there insurance products for AI-specific risks?

Yes. Major cyber insurers, including AIG, AXA XL, and Beazley, now offer AI-specific endorsements covering model theft, AI-driven social engineering fraud, and algorithmic liability. Premiums are evolving as the risk is new, but coverage exists. Ask your broker specifically about AI endorsements.

Conclusion

AI-specific attacks are not a future problem. Model theft is happening now. Prompt injection is trivial to execute. Deepfake social engineering has already caused multi-million-dollar losses. The tools to defend against these threats exist. The governance frameworks exist. What is missing in most organisations is awareness and action.

Start with the inventory. Assess your exposure across the four threat categories. Implement the technical controls that match your risk level. Build the incident response plan before you need it.

Visit consult.lil.business for a free cybersecurity assessment. We will help you map your AI attack surface and build the controls to protect your models, your data, and your business.

References

  1. NIST AI Risk Management Framework
  2. OWASP Top 10 for LLM Applications
  3. IBM Cost of a Data Breach Report 2024
  4. FBI Internet Crime Report 2023 — Business Email Compromise
  5. ACSC Guidelines for Secure AI System Development

How AI Helps Your Business Make Smarter Choices (ELI10 Edition)

TL;DR

  • Running a business means making lots of big decisions — and most people make them on gut feeling, which is risky
  • AI can look at all your business data and help you make smarter choices, like a super-powered advisor
  • Businesses using AI to make decisions see up to 3× more revenue per person than businesses that don't [1]
  • You don't need to be a data expert — the tools do the hard work
  • lil.business can help you set up the right AI tools for YOUR business decisions

Every Business Makes Decisions. Most Are Guesses.

Think about the decisions running a business involves:

  • How much stock should you order this month?
  • Should you hire another person?
  • Is your pricing right, or are you leaving money on the table?
  • When will you have a cash flow problem — before it happens?
  • Which customers are about to leave?

Most small business owners answer these questions based on experience and gut feeling. That's not a bad thing — experience matters. But gut feeling can only process so much information. Your brain can't track 500 customers' buying patterns simultaneously, or spot a pricing opportunity hidden in three years of sales data.

AI can. And when businesses use AI to support their decisions, the results are measurable. According to PwC's Global AI Jobs Barometer, businesses using AI show 3× higher revenue growth per worker than those that don't [1].

Think of AI as a Really Smart Business Analyst

Imagine hiring a brilliant analyst who:

  • Read every sales record, invoice, and customer interaction your business has ever had
  • Can spot patterns in all that data in seconds (like "you always run out of X product in September")
  • Never gets tired, never goes home, and updates their analysis every day automatically
  • Gives you a clear recommendation before you need to make an important decision

That's what AI decision support does. It's not replacing your judgment — it's giving you much better information to apply your judgment to.

McKinsey estimates that AI could unlock between US$2.6 trillion and US$4.4 trillion in value for businesses globally [2]. The biggest chunk of that value comes from better decisions — in pricing, in staffing, in what to stock, in who to sell to.

Real Examples of What AI Can Help You Decide

"How much should I order?"

AI inventory forecasting looks at your past sales, factors in seasons (Christmas rush, school holidays, winter) and even the weather if it matters for your business — and tells you exactly how much to order, weeks in advance.

Instead of ordering too much (money stuck in stock you can't sell) or too little (missing sales because you've run out), AI keeps you in the sweet spot.

Businesses using AI for this kind of forecasting have reduced their errors by 30–50% compared to doing it manually [3].

"Are my prices right?"

This is a sneaky one. Most small businesses set prices once and barely change them. AI pricing tools look at what's selling, what's not, when demand is high, and where you have room to charge more — or where you're pricing yourself out of sales.

You don't need to change prices every hour like an airline does. Even using AI to review your pricing once a quarter can catch significant opportunities you'd otherwise miss.

"Am I going to run out of cash?"

Cash flow problems are the number-one reason small businesses close — even profitable ones. The money's owed to you, but it hasn't arrived yet, and your bills are due.

AI cash flow tools plug into your accounting system (like Xero or MYOB) and show you, weeks in advance, when you're going to be short. That gives you time to chase invoices, delay a purchase, or arrange a short-term credit line before it becomes a crisis.

IBM used AI on its own finances and is on track to save US$4.5 billion by the end of 2025 [4]. You won't save billions, but the proportional impact on an SMB can be just as significant.

"Should I hire someone?"

AI HR tools look at your sales patterns, workload data, and team capacity — and tell you when you're genuinely understaffed (not just stressed) and when you can handle more without hiring. They can also help screen job applications by matching candidates to the profile of your best performers.

AI Doesn't Make the Decision. You Do.

This is really important to understand. AI gives you better information. You still make the call.

Think of it like GPS navigation. GPS tells you the fastest route based on traffic data, but you can choose to ignore it because you know a shortcut the GPS doesn't. Your local knowledge and judgment still matter — you just have much better information to work with.

Gartner (a tech research company) predicts that by 2028, only about 15% of day-to-day business decisions will be made fully by AI on its own [5]. The rest still need a human. The goal is making that human (you) as well-informed as possible.

"But I'm Not a Data Person"

You don't need to be. Modern AI business tools are designed for normal business owners, not data scientists.

Most of them connect directly to the tools you're already using — your accounting software, your website analytics, your POS system — and present the insights in plain language, not graphs that require a statistics degree.

The setup is where it helps to have an expert. lil.business makes sure you connect the right data sources, configure the tools correctly, and understand how to interpret what you're seeing. After setup, the tools run themselves.

One Important Rule: Keep Humans In Charge of Big Decisions

As AI tools get better, it's tempting to let them make more decisions automatically. For small stuff (reordering common stock, routing routine customer emails) — go for it.

But for decisions that really matter — hiring, pricing strategy, major purchases, entering a new market — always keep a human in the loop. Not because AI is bad, but because AI can only see the data it has access to. It can't see the conversation you had at an industry event, or the new competitor you heard is moving into your area, or the regulatory change you know is coming.

Your judgment, combined with AI's data processing, is more powerful than either alone.

FAQ

Yes, sometimes. AI is as good as the data it's trained on. If your data is incomplete, or if something unusual happens (a new competitor, a pandemic), AI can miss it. That's why you always review AI recommendations before acting on them, especially for big decisions.

No — and this is something lil.business specifically checks. Some AI tools use your business data to train shared models (which means your data helps a competitor's AI). lil.business only recommends tools with strong data privacy policies, and we configure them to protect your information.

You'll start seeing better data visibility from day one. But improved decisions take time to demonstrate — you need to make some decisions, see the outcomes, and compare them to your old approach. Most businesses see clear evidence of improvement within 3–6 months.

Most AI decision-support tools for SMBs cost AU$100–$500 per month. Given that better inventory decisions, pricing, and cash flow management can easily save multiples of that, the ROI is usually straightforward to demonstrate.

This is a real challenge — and one of the most common reasons AI implementations fail. The key is starting with a use case that genuinely helps the person doing the work, not just the business owner. When a team member sees AI saving them two hours of weekly report-building, they become advocates. lil.business helps design AI roll-outs that bring teams along rather than forcing change from the top.

What to Do Next

  1. Pick one decision your business makes regularly that you find stressful or uncertain
  2. Ask yourself what data you'd need to feel confident making that decision
  3. Book a free chat with lil.business — we'll tell you if AI can help and what it would take to set it up

Better decisions compound. One better pricing decision this quarter leads to higher margins next year. One better hiring decision this month leads to a stronger team for years. The sooner you start, the more those improvements add up.

References

[1] PwC, "2024 Global AI Jobs Barometer," PwC Global, May 2024. [Online]. Available: https://www.pwc.com/gx/en/issues/artificial-intelligence/ai-jobs-barometer.html

[2] McKinsey & Company, "The Economic Potential of Generative AI: The Next Productivity Frontier," McKinsey Global Institute, Jun. 2023. [Online]. Available: https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/the-economic-potential-of-generative-ai-the-next-productivity-frontier

[3] Deloitte, "AI in Supply Chain: Predictive Analytics and Lead-Time Variability," Deloitte Insights, 2023. [Online]. Available: https://www2.deloitte.com/insights/us/en/industry/retail-distribution/ai-in-supply-chain.html

[4] IBM, "Enterprise Transformation and Extreme Productivity with AI," IBM Think Insights, Jan. 2026. [Online]. Available: https://www.ibm.com/think/insights/enterprise-transformation-extreme-productivity-ai

[5] Gartner, "Top Strategic Technology Trends for 2025: Agentic AI," Gartner, Oct. 2024. [Online]. Available: https://www.gartner.com/en/documents/5850847

[6] McKinsey & Company, "The State of AI in 2025," McKinsey Global Institute, Nov. 2025. [Online]. Available: https://www.mckinsey.com/capabilities/quantumblack/our-insights/the-state-of-ai

[7] Mercer, "2024–2025 Global Talent Trends Report," Mercer, 2024. [Online]. Available: https://www.mercer.com/assets/za/en_za/shared-assets/global/attachments/pdf-mercer-2024-2025-global-talent-trends.pdf

[8] Bain & Company, "Survey: Generative AI Uptake Is Unprecedented Despite Roadblocks," Bain & Company, Oct. 2024. [Online]. Available: https://www.bain.com/insights/survey-generative-ai-uptake-is-unprecedented-despite-roadblocks/

[9] Federal Reserve Bank of St. Louis, "The Impact of Generative AI on Work Productivity," On the Economy Blog, Feb. 2025. [Online]. Available: https://www.stlouisfed.org/on-the-economy/2025/feb/impact-generative-ai-work-productivity

Ready to stop guessing and start deciding with confidence? Book a free consultation with lil.business — we'll help you figure out which AI tools will make the biggest difference to the decisions that matter most in your business.

Ready to strengthen your security?

Talk to lilMONSTER. We assess your risks, build the tools, and stay with you after the engagement ends. No clipboard-and-leave consulting.

Get a Free Consultation