AI Security Glossary

A glossary of the attack types and system components specific to AI and machine-learning security — 20 terms covering techniques like prompt injection, jailbreaks, and model poisoning, plus the AI components they target. Every entry is backed by 10,621 real CVE mappings, so each definition connects to the vulnerabilities where it actually appears.

12
Attack Types
8
AI Components
10,621
CVE Mappings

What are the AI attack types?

Code Execution
1219 CVEs
296 critical

Remote code execution vulnerabilities in AI frameworks and inference servers allow attackers to run arbitrary code on hosts running ML inference, training, or agent workloads — often via unsafe deserialization or template injection.

Auth Bypass
1109 CVEs
179 critical

Authentication bypass vulnerabilities in AI platforms and inference servers let attackers reach protected model endpoints, admin interfaces, or other tenants' data without valid credentials.

Data Extraction
903 CVEs
155 critical

Data extraction attacks against AI systems exfiltrate training data, model weights, user conversations, system prompts, or other sensitive material through inference-time queries or vulnerable APIs.

Supply Chain
720 CVEs
142 critical

Supply chain attacks against AI compromise the software, model, or data dependencies of an ML system — including poisoned PyPI/npm packages, malicious HuggingFace model uploads, and tampered training data distributed through trusted channels.

DoS
641 CVEs
26 critical

Denial-of-service attacks against AI systems exploit resource-intensive operations — long-context inference, expensive tokenization, or recursive agent loops — to exhaust compute, memory, or API budget.

Data Leakage
317 CVEs
35 critical

Data leakage vulnerabilities allow unauthorized access to sensitive data processed by AI systems — including PII memorised in training data, API keys included in prompts, or confidential information returned in model responses.

Privacy Violation
180 CVEs
18 critical

Privacy violations in AI systems involve unauthorized collection, processing, or exposure of personal data through model memorization, training-data leaks, third-party API logging, or inadequate consent management.

Prompt Injection
142 CVEs
37 critical

Prompt injection is an attack where adversaries craft malicious input to manipulate an LLM into ignoring system instructions, exfiltrating data, or executing unauthorized actions. It is the most common attack vector against generative AI.

Social Engineering
63 CVEs
4 critical

AI-enhanced social engineering uses generative models to scale phishing, impersonation, deepfake fraud, and deceptive content — making attacks that previously required skilled humans cheap and ubiquitous.

Model Poisoning
43 CVEs
7 critical

Model poisoning corrupts a machine-learning model during training by injecting malicious data, modifying weights, or tampering with the training pipeline to plant backdoors or degrade specific behaviours.

Adversarial Examples
9 CVEs

Adversarial examples are inputs deliberately perturbed to cause a machine-learning model to produce wrong outputs while appearing normal to humans, exploiting the high-dimensional geometry of neural networks.

Jailbreak
2 CVEs

Jailbreaking refers to techniques that bypass safety guardrails and content filters in language models, enabling generation of harmful, restricted, or policy-violating content the model was trained to refuse.

What are the AI components?

Framework
1902 CVEs
327 critical

AI/ML frameworks (LangChain, LlamaIndex, PyTorch, TensorFlow, Hugging Face Transformers) are the foundational libraries for building AI applications. Vulnerabilities here have wide blast radius due to high adoption.

Agent
1081 CVEs
183 critical

AI agent frameworks (AutoGPT, LangGraph, CrewAI, AutoGen) orchestrate LLM-driven autonomous actions over tools and APIs. Their tool-use capabilities create attack surfaces not present in simple chat interfaces.

Inference
698 CVEs
88 critical

Inference-layer vulnerabilities target the serving infrastructure that runs ML models in production — including vLLM, TensorRT, Triton, BentoML, Ray Serve, and Ollama — where bugs expose compute, data, and other tenants.

API
482 CVEs
76 critical

AI API vulnerabilities affect the interfaces used to interact with language models and ML services — including authentication, rate limiting, input validation, and response handling — and often expose paid compute to abuse.

Plugin
455 CVEs
60 critical

Plugin and tool vulnerabilities affect the external integrations that extend AI systems — browser tools, code interpreters, API connectors, file-system access — and are a primary lever for prompt-injection escalation in agents.

Model
339 CVEs
49 critical

Model-level vulnerabilities affect the trained weights, architectures, or inference behaviour of AI/ML models — including adversarial robustness, backdoor attacks, model extraction, and unsafe model-file formats.

Training Data
196 CVEs
29 critical

Training-data vulnerabilities involve poisoned datasets, data theft, privacy violations in training corpora, and unauthorized use of copyrighted or sensitive content during model training.

RAG
120 CVEs
24 critical

RAG (Retrieval-Augmented Generation) vulnerabilities target the vector store, embedding pipeline, or retrieval logic that grounds LLM responses in external knowledge — exposing the application to data poisoning and indirect prompt injection.

Frequently asked questions

What is an AI security glossary?

An AI security glossary defines the attack types and system components specific to AI and machine-learning systems — terms like prompt injection, jailbreaks, model poisoning, and training-data extraction — and links each to the real vulnerabilities where it appears.

What AI attack types does the glossary cover?

It covers AI/ML attack techniques such as prompt injection, jailbreaks, model poisoning, adversarial examples, and data leakage — each entry backed by the real CVEs mapped to that technique.

What AI components does it cover?

It covers the building blocks of AI systems — LLMs, agents, vector databases, inference servers, training pipelines, and similar — and the vulnerabilities that affect each.

How are glossary terms linked to real vulnerabilities?

Every term is mapped to the AI/ML CVEs where it appears — 10,621 real CVE mappings across the glossary — so a definition connects directly to operational threat data.

Why does AI security need its own glossary?

AI systems have a distinct attack surface — prompt injection, model poisoning, tool-use exploits — that generic security vocabularies do not describe. This glossary names those threats and ties them to evidence.