AI Models Vulnerable: Cisco Exposes Multi-Turn Prompt Flaws
Summary
Leading AI models are more vulnerable to malicious prompts than their vendors claim, according to a new report from Cisco researchers. AI vendors assume their models are safe if they can block single malicious prompts, but hackers are increasingly using multistage prompts to bypass defenses, and most models are not prepared for these multi-turn attacks. Cisco evaluated 15 leading AI models from companies like OpenAI, Anthropic, Google, Amazon, and xAI. In its tests, multi-turn attacks had success rates ranging from 8% to 88%, compared with 2% to 65% for single-turn attacks. The researchers found that every model tested showed significant vulnerability to multi-turn attacks. An xAI model, Grok 4.1 Fast Non-Reasoning, performed the worst, with an 88% success rate for multi-turn attacks. Even the best-performing model, Amazon’s Nova 2 Lite, failed to withstand 8% of these attacks. This underappreciated danger could expose businesses using AI tools to disruptions and harm.
This is an AI-generated audio summary. Always check the original source for complete reporting.