{"id":112743,"date":"2026-01-22T09:32:31","date_gmt":"2026-01-22T17:32:31","guid":{"rendered":"https:\/\/www.backblaze.com\/blog\/?p=112743"},"modified":"2026-01-22T09:32:34","modified_gmt":"2026-01-22T17:32:34","slug":"the-new-shape-of-risk-how-generative-ai-is-changing-the-security-landscape","status":"publish","type":"post","link":"https:\/\/www.backblaze.com\/blog\/the-new-shape-of-risk-how-generative-ai-is-changing-the-security-landscape\/","title":{"rendered":"The New Shape of Risk: How Generative AI Is Changing the Security Landscape"},"content":{"rendered":"\n
\"A<\/figure>\n\n\n\n
<\/div>\n\n\n\n

As generative AI has shifted from selective experimentation to broad operational use, large language models (LLMs) now sit inside developer environments, support workflows, internal knowledge systems, and security tooling itself. Adoption has widened for both enterprises and consumers alike, and, unsurprisingly, have a whole new set of security patterns<\/a>.<\/p>\n\n\n\n

Though oftentimes single catastrophic failures are the types of stories that make the news (like an AI agent pushing code to production against its explicit instructions<\/a>), the truth is that there\u2019s a bigger narrative here. Generative AI has introduced a whole new way to work, and we\u2019re seeing a set of recurring behaviors\u2014ways that AI systems interact with data, instructions, and people\u2014that either introduce new risks or enhance some tried-and-true bad actor tactics (like more convincing phishing attacks<\/a>, for example).<\/p>\n\n\n\n

This article focuses on seven patterns that have emerged in real deployments and documented incidents. Let\u2019s get into it. <\/p>\n\n\n\n

1. Prompt injection and instruction hijacking<\/h2>\n\n\n\n

Prompt injection has matured from a research concept into a practical exploit vector. The issue is structural: LLMs interpret text holistically using tokenization, which makes it difficult to maintain a strict separation between instructions and data. When untrusted content is introduced into an AI system with elevated permissions, that ambiguity becomes exploitable<\/a>.<\/p>\n\n\n\n

Recent incidents show how this plays out in production tools. Researchers analyzing Microsoft Copilot demonstrated that carefully crafted inputs<\/a> could override intended behavior, expose system prompts, or trigger unintended actions within the model\u2019s sandbox.<\/p>\n\n\n\n

The common thread is authority. When models are allowed to act on retrieved content or invoke downstream tools, text becomes a control surface.<\/p>\n\n\n\n

2. Prompt poaching and peripheral exfiltration<\/h2>\n\n\n\n

Not all AI-related data loss requires access to the model itself. A recent malware campaign demonstrated how attackers can siphon AI conversations by compromising the surrounding ecosystem.<\/p>\n\n\n\n

Malicious Chrome extensions posing as productivity tools<\/a> were found harvesting prompts, responses, and browsing context from users interacting with AI assistants; the data was quietly sent to external servers<\/a>.<\/p>\n\n\n\n

These attacks target trust boundaries adjacent to AI systems rather than the models directly. Browser extensions, plugins, and integrations become collection points for high-value contextual data that did not previously exist in a single place. And, they\u2019re often less controlled by enterprise IT teams compared with other types of software. <\/p>\n\n\n\n

3. AI-powered malware and ransomware<\/h2>\n\n\n\n

AI-assisted malware is no longer hypothetical. Security researchers have now documented ransomware that uses generative models as part of its operational logic.<\/p>\n\n\n\n

One example: PromptLock, a ransomware strain<\/a> that leverages LLMs to dynamically generate portions of its code and behavior during execution.<\/p>\n\n\n\n

At the ecosystem level, threat intelligence reports show ransomware groups using AI to accelerate development, customize payloads, and craft tailored extortion communications. Akamai\u2019s 2025 ransomware trends report<\/a> documents LLM usage by active groups for both technical and social components of attacks.<\/p>\n\n\n\n

It\u2019s less about how it\u2019s done and more about how fast it\u2019s done: Iteration cycles are shorter, and adaptation happens more quickly.<\/p>\n\n\n\n

4. Acceleration and competitive pressure in the ransomware economy<\/h2>\n\n\n\n

Even when AI is not embedded directly into malware, it influences the broader threat<\/a> environment. Ransomware activity increased throughout 2025 despite arrests and takedowns; new groups emerged quickly to replace disrupted ones.<\/p>\n\n\n\n

As we said above, speed matters here. Defensive models that assume time for analysis, tuning, and response are increasingly stressed by attackers who can prototype and redeploy faster than those cycles allow.<\/p>\n\n\n\n

And it\u2019s not just speed\u2014the volume of (credible, real) attacks matters too. The truth of the game<\/a> has always been that bad actors only have to succeed once whereas defenders have to succeed every time. If better ransomware is being produced more quickly, defenders are having to adapt just as (or more) quickly to a higher volume of attacks (which makes the demand for employees in the security industry that much more understandable).\u00a0<\/p>\n\n\n\n

5. Semantic noise and operational fatigue<\/h2>\n\n\n\n

Generative AI produces a large volume of plausible output: summaries, recommendations, alerts, explanations. In isolation, that capability is helpful; in aggregate, it introduces a new operational burden.<\/p>\n\n\n\n

Security teams report growing difficulty distinguishing signal from well-formed noise. In reality, this means that over-taxed employees are getting pinged while on-call far more. <\/p>\n\n\n\n

AI-generated conclusions often require human validation, but their tone and confidence can reduce scrutiny over time. That creates opportunities for malicious activity to hide inside outputs that appear reasonable and routine; or, on the flip side, for things like process and architecture misconfigurations to masquerade as security events by creating too many requests.\u00a0<\/p>\n\n\n\n

This pattern does not map cleanly to a single exploit; it shows up as delayed detection, slower response, and missed anomalies<\/a>.<\/p>\n\n\n\n

6. Code supply chain risk from generated code<\/h2>\n\n\n\n

AI-generated code compounds familiar supply-chain issues. Generated snippets often compile cleanly, pass tests, and follow common patterns; they also tend to replicate insecure defaults or omit contextual safeguards.<\/p>\n\n\n\n

As these patterns are reused across services, small mistakes scale quickly. Not only that, but basic parameters like privileging recency (e.g., new security patches) vs. commonality (e.g., the most often used code) can have major implications and <\/em>be weighted differently in different tools. While there is demonstrated risk of malicious insertion,<\/a> it\u2019s also the normalization of fragile or incomplete logic through automation<\/a>.<\/p>\n\n\n\n

7. Potential human skill erosion as a force multiplier<\/h2>\n\n\n\n

One of the quietest risks is also the hardest to measure. As AI tools handle more analysis, summarization, and decision support, human operators spend less time interrogating raw data. That\u2019s both a good and a bad thing\u2014really, it begs the question of how we go about creating and applying expertise in a new and developing epistemological framework. (Wait, you thought engineering wasn\u2019t philosophical?)<\/p>\n\n\n\n

Over time, that shifts how teams validate outcomes and how comfortable they are challenging AI-generated conclusions. This erosion does not cause incidents by itself, but it can amplify the impact of every other failure mode.<\/p>\n\n\n\n

Where this leaves us<\/h2>\n\n\n\n

Across these examples, a consistent theme emerges. Generative AI changes how authority, context, and action flow through systems. Many of the resulting failures are subtle and blend into normal usage patterns.<\/p>\n\n\n\n

The next phase of response is already taking shape. Government agencies and standards bodies are beginning to formalize guidance on securing AI systems<\/a>, managing AI-related risk, and adapting existing security practices to these new patterns.<\/p>\n\n\n\n

That guidance belongs in its own discussion. For now, the takeaway is simpler: AI adoption has altered the shape of risk. <\/p>\n","protected":false},"excerpt":{"rendered":"

Generative AI is shifting the security paradigm, creating new control surfaces for attackers and amplifying classic threat vectors like phishing and data exfiltration. Let’s talk about trends. <\/p>\n","protected":false},"author":182,"featured_media":112744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[7,434],"tags":[489,468],"class_list":["post-112743","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-storage","category-featured-1","tag-ai-ml","tag-b2cloud","entry"],"acf":[],"yoast_head":"\nThe New Shape of Risk: How Generative AI Is Changing the Security Landscape<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.backblaze.com\/blog\/the-new-shape-of-risk-how-generative-ai-is-changing-the-security-landscape\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The New Shape of Risk: How Generative AI Is Changing the Security Landscape\" \/>\n<meta property=\"og:description\" content=\"Generative AI is shifting the security paradigm, creating new control surfaces for attackers and amplifying classic threat vectors like phishing and data exfiltration. Let's talk about trends.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.backblaze.com\/blog\/the-new-shape-of-risk-how-generative-ai-is-changing-the-security-landscape\/\" \/>\n<meta property=\"og:site_name\" content=\"Backblaze Blog | Cloud Storage & Cloud Backup\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/backblaze\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-22T17:32:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-22T17:32:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2026\/01\/Q126-0003-Blog-Header-1440x820-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1440\" \/>\n\t<meta property=\"og:image:height\" content=\"820\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Stephanie Doyle\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@backblaze\" \/>\n<meta name=\"twitter:site\" content=\"@backblaze\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Stephanie Doyle\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The New Shape of Risk: How Generative AI Is Changing the Security Landscape","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.backblaze.com\/blog\/the-new-shape-of-risk-how-generative-ai-is-changing-the-security-landscape\/","og_locale":"en_US","og_type":"article","og_title":"The New Shape of Risk: How Generative AI Is Changing the Security Landscape","og_description":"Generative AI is shifting the security paradigm, creating new control surfaces for attackers and amplifying classic threat vectors like phishing and data exfiltration. Let's talk about trends.","og_url":"https:\/\/www.backblaze.com\/blog\/the-new-shape-of-risk-how-generative-ai-is-changing-the-security-landscape\/","og_site_name":"Backblaze Blog | Cloud Storage & Cloud Backup","article_publisher":"https:\/\/www.facebook.com\/backblaze","article_published_time":"2026-01-22T17:32:31+00:00","article_modified_time":"2026-01-22T17:32:34+00:00","og_image":[{"width":1440,"height":820,"url":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2026\/01\/Q126-0003-Blog-Header-1440x820-1.png","type":"image\/png"}],"author":"Stephanie Doyle","twitter_card":"summary_large_image","twitter_creator":"@backblaze","twitter_site":"@backblaze","twitter_misc":{"Written by":"Stephanie Doyle","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.backblaze.com\/blog\/the-new-shape-of-risk-how-generative-ai-is-changing-the-security-landscape\/#article","isPartOf":{"@id":"https:\/\/www.backblaze.com\/blog\/the-new-shape-of-risk-how-generative-ai-is-changing-the-security-landscape\/"},"author":{"name":"Stephanie Doyle","@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#\/schema\/person\/688f3962fd24d8155ef726bc94d75058"},"headline":"The New Shape of Risk: How Generative AI Is Changing the Security Landscape","datePublished":"2026-01-22T17:32:31+00:00","dateModified":"2026-01-22T17:32:34+00:00","mainEntityOfPage":{"@id":"https:\/\/www.backblaze.com\/blog\/the-new-shape-of-risk-how-generative-ai-is-changing-the-security-landscape\/"},"wordCount":1085,"commentCount":0,"publisher":{"@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.backblaze.com\/blog\/the-new-shape-of-risk-how-generative-ai-is-changing-the-security-landscape\/#primaryimage"},"thumbnailUrl":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2026\/01\/Q126-0003-Blog-Header-1440x820-1.png","keywords":["AI\/ML","B2Cloud"],"articleSection":["Cloud Storage","Featured"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.backblaze.com\/blog\/the-new-shape-of-risk-how-generative-ai-is-changing-the-security-landscape\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.backblaze.com\/blog\/the-new-shape-of-risk-how-generative-ai-is-changing-the-security-landscape\/","url":"https:\/\/www.backblaze.com\/blog\/the-new-shape-of-risk-how-generative-ai-is-changing-the-security-landscape\/","name":"The New Shape of Risk: How Generative AI Is Changing the Security Landscape","isPartOf":{"@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.backblaze.com\/blog\/the-new-shape-of-risk-how-generative-ai-is-changing-the-security-landscape\/#primaryimage"},"image":{"@id":"https:\/\/www.backblaze.com\/blog\/the-new-shape-of-risk-how-generative-ai-is-changing-the-security-landscape\/#primaryimage"},"thumbnailUrl":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2026\/01\/Q126-0003-Blog-Header-1440x820-1.png","datePublished":"2026-01-22T17:32:31+00:00","dateModified":"2026-01-22T17:32:34+00:00","breadcrumb":{"@id":"https:\/\/www.backblaze.com\/blog\/the-new-shape-of-risk-how-generative-ai-is-changing-the-security-landscape\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.backblaze.com\/blog\/the-new-shape-of-risk-how-generative-ai-is-changing-the-security-landscape\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.backblaze.com\/blog\/the-new-shape-of-risk-how-generative-ai-is-changing-the-security-landscape\/#primaryimage","url":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2026\/01\/Q126-0003-Blog-Header-1440x820-1.png","contentUrl":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2026\/01\/Q126-0003-Blog-Header-1440x820-1.png","width":1440,"height":820,"caption":"A decorative image showing several cubes split into different sub-shapes."},{"@type":"BreadcrumbList","@id":"https:\/\/www.backblaze.com\/blog\/the-new-shape-of-risk-how-generative-ai-is-changing-the-security-landscape\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/"},{"@type":"ListItem","position":2,"name":"The New Shape of Risk: How Generative AI Is Changing the Security Landscape"}]},{"@type":"WebSite","@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#website","url":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/","name":"Backblaze Cloud Solutions Blog","description":"Cloud Storage & Cloud Backup","publisher":{"@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#organization","name":"Backblaze","url":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/www.backblaze.com\/blog\/wp-content\/uploads\/2017\/12\/backblaze_icon_transparent.png?fit=512%2C512&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.backblaze.com\/blog\/wp-content\/uploads\/2017\/12\/backblaze_icon_transparent.png?fit=512%2C512&ssl=1","width":512,"height":512,"caption":"Backblaze"},"image":{"@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/backblaze","https:\/\/x.com\/backblaze","https:\/\/www.youtube.com\/user\/Backblaze","https:\/\/en.wikipedia.org\/wiki\/Backblaze"]},{"@type":"Person","@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#\/schema\/person\/688f3962fd24d8155ef726bc94d75058","name":"Stephanie Doyle","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2022\/12\/headshot-4-1-e1670452405672-150x150.jpg","url":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2022\/12\/headshot-4-1-e1670452405672-150x150.jpg","contentUrl":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2022\/12\/headshot-4-1-e1670452405672-150x150.jpg","caption":"Stephanie Doyle"},"description":"Stephanie is the Technical Narrative Content Manager at Backblaze. She specializes in taking complex topics and writing relatable, engaging, and user-friendly content. You can most often find her reading in public places, and can connect with her on LinkedIn.","url":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/author\/stephanie\/"}]}},"jetpack_featured_media_url":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2026\/01\/Q126-0003-Blog-Header-1440x820-1.png","_links":{"self":[{"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/posts\/112743","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/users\/182"}],"replies":[{"embeddable":true,"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/comments?post=112743"}],"version-history":[{"count":0,"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/posts\/112743\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/media\/112744"}],"wp:attachment":[{"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/media?parent=112743"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/categories?post=112743"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/tags?post=112743"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}