AI's Black Box Problem: When Security Fixes Fall Short
bankinfosecurity
Cobalt CTO Gunter Ollmann on Why Organizations Struggle With AI Vulnerabilities
Mathew J. Schwartz (euroinfosec) • June 17, 2025

Organizations are racing to deploy artificial intelligence applications, but their ability to secure them is falling dangerously behind.
According to Cobalt's State of Pentesting Report 2025, organizations can fix only 21% of generative AI vulnerabilities, a startlingly low figure that highlights a critical security gap.
"So much of AI is a black box. And so organizations that are deploying AI, they're deploying LLMs, installing their applications and adding chat bots, and they're all vulnerable to things," said Gunter Ollmann, CTO at Cobalt. Unlike traditional software vulnerabilities that companies can patch themselves, AI systems often rely on open-source models and external services beyond organizational control, leaving them powerless to address fundamental security flaws.
While companies excel at securing ...
Copyright of this story solely belongs to bankinfosecurity.