Cisco: Enterprise AI Security Risks Beyond Single Prompts

Enterprise AI security risk is moving beyond simple performance checks. Many current safety benchmarks don't fully show how AI systems behave under sustained attacks. Here's the thing: these benchmarks often focus on single-turn prompts, like one question and one answer. But real-world attackers don't work that way. New research from Cisco reveals that multi-turn attacks, where attackers refine prompts over extended conversations, expose many more vulnerabilities. Every proprietary frontier model tested showed "non-trivial" vulnerability under these multi-turn conditions. For example, single-turn attack success rates ranged from 2.19% to 64.91% across 15 models. But with multi-turn attacks, these rates jumped to between 7.89% and 88.30%. OpenAI GPT-5.4 went from 2.74% to 24.68% and Grok 4.1 Fast reached 88.30% in one test. The bottom line is that AI systems in businesses rarely face isolated prompts. This means understanding multi-turn attack vulnerabilities is crucial for enterprise security.