Lessons From AI Hacking: Every Model, Every Layer Is Risky

After two years of finding flaws in AI infrastructure, two Wiz researchers advise security pros to worry less about prompt injection and more about vulnerabilities.

February 20, 2026

When Hillai Ben Sasson and Dan Segev set out to hack AI infrastructure two years ago, they expected to find vulnerabilities - but they didn’t expect to compromise virtually every major AI platform they targeted.

The two researchers - who work in offensive and defensive research, respectively, at cloud-security firm Wiz - wanted to experiment with how they could attack the AI infrastructure being deployed as part of foundational models, AI services, and in-house AI projects.

Yet what started as simple attacks on the AI supply chain - such as abusing the widely used Pickle format to run arbitrary code - evolved into a comprehensive threat assessment spanning five distinct layers of the AI stack.

They plan to present the lessons learned over their two years of research at the upcoming RSAC Conference in March.

Perhaps the most important lesson: Focus on the infrastructure used to train, run, and host AI services, and not on prompt-injection attacks, says Segev, a security architect in the Office of the CTO at Wiz.

Article Summaries:

  • Wiz researchers Hillai Ben Sasson and Dan Segev have spent two years probing AI infrastructure and discovered that almost every major AI platform contains vulnerabilities. Their attacks began with simple supply‑chain exploits, such as abusing the Pickle format to run arbitrary code, and expanded into a comprehensive threat assessment covering five layers of the AI stack, from training to deployment. At the upcoming RSAC Conference, they will emphasize that security teams should focus on the underlying infrastructure rather than prompt‑injection attacks. Their findings come amid growing CISO concern, with 83% worried about AI’s access to core business systems.
