
AI Security in 2025: From Backdoors to Agent Threats

Leading Russian AI security researchers analyzed the industry's transformation over the past year. The focus was on the ineffectiveness of standard filters…

AI-processed from Habr AI; edited by Hamidun News
Source: Habr AI. Collage: Hamidun News.

2025 AI Security Summary: From Backdoors to Agent Threats

At the beginning of 2026, leading Russian researchers in artificial intelligence security gathered to summarize the past year and discuss its key trends. Experts, including Artem Semenov (PWN AI), Boris Zakhir (Boris_ь с ml), Evgeny Kokuikin (HiveTrace, Evgeny Kokuikin - Raft) and Vladislav Tushkanov (llm security, kalany), shared their observations on the rapid transformation of the industry. Central to the discussion were questions related to the ineffectiveness of traditional protective mechanisms and the growing sophistication of attacks on AI systems.

Particular attention was paid to new types of threats, such as LoRA-backdoors, and increasing challenges related to controlling autonomous AI agents. The main conclusion reached by participants is that absolute security in the field of AI is unattainable, and any modern defense system represents a complex compromise between performance and minimization of attack vectors.

The past year of 2025 proved to be pivotal for the AI security industry. While previously the main focus was on relatively simple attacks aimed at bypassing standard filters and obtaining unwanted responses from models, we are now witnessing a shift toward more complex and hidden methods. Experts noted that classical "guardrails" – mechanisms designed to limit AI behavior – often prove ineffective against targeted attacks. Paradoxically, the cost of such attacks has decreased due to the emergence of new tools and methodologies, making them accessible to a wider range of attackers. Researchers emphasized that AI system developers are in a constant arms race, trying to anticipate and block new threat vectors, while attackers adapt and find new vulnerabilities.

One of the most discussed topics was LoRA-backdoors. This relatively new class of threat consists of hidden behaviours embedded in a model during fine-tuning through Low-Rank Adaptation (LoRA) adapters. Unlike traditional backdoors, which may be easier to spot, LoRA-backdoors are often imperceptible in normal use and activate only under specific conditions or prompts.

They can be used to steal data, manipulate model outputs, or even completely disable a system. Researchers emphasized that detecting such hidden mechanisms requires deep analysis of the model's architecture and behavior, which significantly complicates the task of protection. Another source of concern has been autonomous AI agents.
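To make the detection point above concrete, here is an added example (not from the Habr discussion or any of the researchers' tools) of the two kinds of analysis the passage refers to: a static look at what a LoRA update actually changes, and a behavioural comparison of the base model against the adapter-merged model over probe inputs. The "model" is a constructed single linear layer with softmax, the adapter is a constructed rank-1 update, and the trigger direction, probe set and KL threshold are all assumptions of this toy, not values from the article.

```python
import numpy as np

# Constructed toy: one linear layer + softmax over 4 labels, acting on 8-dim input
# embeddings. Stands in for a real transformer layer only to show the checks.
D_IN, D_OUT, RANK = 8, 4, 1
rng = np.random.default_rng(7)


def softmax(z):
    z = z - z.max(axis=-1, keepdims=True)
    e = np.exp(z)
    return e / e.sum(axis=-1, keepdims=True)


def make_base_weights():
    # Each label reads one "clean" feature (columns 0, 2, 4, 6); column 5 is unused.
    w = np.zeros((D_OUT, D_IN))
    for label in range(D_OUT):
        w[label, 2 * label] = 1.0
    return w


def lora_merge(w_base, a, b):
    """Standard LoRA merge: W_merged = W + B @ A, with A (rank, d_in), B (d_out, rank)."""
    assert a.shape[0] == b.shape[1] == RANK
    return w_base + b @ a


def forward(w, x):
    return softmax(x @ w.T)


# Constructed adapter (assumption): its whole effect lives on one input direction
# (feature 5, absent from ordinary inputs) and pushes the output toward label 3.
TRIGGER_DIR = np.zeros(D_IN)
TRIGGER_DIR[5] = 1.0


def make_toy_adapter():
    a = TRIGGER_DIR.reshape(RANK, D_IN)          # (RANK, D_IN)
    b = np.zeros((D_OUT, RANK))
    b[3, 0] = 2.0                                # (D_OUT, RANK)
    return a, b


def kl_divergence(p, q, eps=1e-12):
    return float(np.sum(p * (np.log(p + eps) - np.log(q + eps))))


def adapter_report(a, b):
    """Static check: size of the update and how concentrated it is on one direction.
    A share near 1.0 means the adapter does essentially one thing, which is worth a
    closer look but is not proof of a backdoor (narrow benign adapters exist too)."""
    delta = b @ a
    s = np.linalg.svd(delta, compute_uv=False)
    return {
        "frobenius_norm": float(np.linalg.norm(delta)),
        "top_singular_share": float(s[0] / s.sum()),
    }


def behavioural_probe(w_base, w_merged, probes, kl_threshold=1.0):
    """Dynamic check: run the same probes through base and merged weights and flag
    inputs whose output distribution shifts sharply or whose top label flips."""
    flagged = []
    for i, x in enumerate(probes):
        p, q = forward(w_base, x), forward(w_merged, x)
        kl = kl_divergence(p, q)
        if kl > kl_threshold or p.argmax() != q.argmax():
            flagged.append((i, round(kl, 3), int(p.argmax()), int(q.argmax())))
    return flagged


def run_demo():
    w_base = make_base_weights()
    a, b = make_toy_adapter()
    w_merged = lora_merge(w_base, a, b)
    ordinary = rng.normal(size=(50, D_IN))
    ordinary[:, 5] = 0.0          # constructed: the trigger feature never occurs in normal traffic
    probes = np.vstack([ordinary, TRIGGER_DIR * 4.0])   # index 50 carries the trigger direction
    return adapter_report(a, b), behavioural_probe(w_base, w_merged, probes)


if __name__ == "__main__":
    report, flagged = run_demo()
    print("adapter report:", report)
    print("flagged probes (index, KL, base label, merged label):", flagged)
```

The behavioural check only surfaces the trigger because the probe set happens to contain an input aligned with it; the 50 ordinary probes show no difference at all. That is the practical reason the researchers describe detection as requiring deep analysis of both architecture and behaviour rather than a single filter: a static look at the adapter narrows the search, and behavioural comparison confirms where it matters, but neither alone settles the question.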

As these agents become increasingly complex and capable of performing tasks independently, controlling their actions becomes a critically important problem. The behavior of such agents can be unpredictable, and their ability to self-learn and adapt can lead to unforeseen consequences that are difficult or impossible to control. Experts expressed concerns that in the future, autonomous agents could become a powerful tool in the hands of attackers.

The implications of these trends for the AI security industry are multifaceted. First, this means that traditional approaches to ensuring security are becoming insufficient. New, more sophisticated methods of detecting and preventing threats are needed that take into account the specifics of modern AI models.

Second, the role of expert knowledge and deep understanding of AI principles is growing. Fighting new threats requires not only technical skills but also the ability for analytical thinking and forecasting. Third, there is a need to reconsider the very concept of "AI security."

As participants in the discussion emphasized, absolute security does not exist. Each defense system is a compromise between the level of security, system performance, and ease of use. The task is to find an optimal balance while minimizing potential risks.

In conclusion, 2025 demonstrated that artificial intelligence security is a dynamic and constantly evolving field. Threats are becoming increasingly sophisticated, and traditional protective methods are losing their effectiveness. The emergence of LoRA-backdoors and the growth of autonomous AI agents present researchers and developers with new, complex challenges. The key takeaway was the understanding that the pursuit of absolute security is a utopia. Instead, the focus should shift to developing flexible, adaptive defense systems that can withstand a constantly changing threat landscape, while acknowledging the inevitability of trade-offs. The future of AI security will be determined by the industry's ability to innovate and anticipate, as well as its readiness for continuous learning and adaptation.

Hamidun News
AI news without noise. Daily editorial selection from 400+ sources. A product by Zhemal Khamidun, Head of AI at Alpina Digital.
