AI "Inference" Crisis: Is Your AI Assistant "Betraying" You?

The focus of AI security is shifting from training to inference. Researchers warn that the inference stage is easier to attack than training, and that your AI assistant may already be exploited by hackers.


Silicon Valley — The focus of AI security is shifting.

In past years, everyone discussed "training security": how to prevent model poisoning and data leakage. Now a more urgent problem has emerged: the AI "inference" stage is being attacked.

What Is an Inference Attack?

Simply put, inference attacks manipulate the model during its "use" phase, when it is already deployed and answering questions.

"AI is very safe during training," a security researcher said at the 2026 security conference. "But during inference — when AI answers your questions — attackers have many opportunities."

Specific attack methods include:

Adversarial examples: adding crafted "noise" to inputs so that the model makes mistakes

Data poisoning: planting malicious content in the data the model consumes at inference time

Prompt injection: "hijacking" the model with specially crafted instructions


"You ask AI a question, but it may already be 'kidnapped,'" the researcher said.

Why Is This Exploding Now?

Why are inference attacks getting attention now?

The simple reason: AI applications are becoming more popular.

"When AI was only in labs, security didn't matter," a security expert said. "Now that everyone uses AI assistants, security issues have become big."

From ChatGPT to Claude, from Ernie to Tongyi — every AI assistant could be a target.

Real Cases

There are already real cases.

"We found a certain AI assistant's responses can be precisely controlled," a security researcher revealed. "For example, when asking specific questions, it gives specific answers."

More worrying still, such attacks are hard to detect. "AI answers normally, but on certain questions it 'betrays' — users can't notice at all."

Enterprise Dilemma

Enterprises using AI also face risks.

"Our AI customer service has already been exploited by attackers," an enterprise security lead said. "They use the AI to generate phishing emails, 10x more efficiently than by hand."

This means AI is not only a "victim" but also an "accomplice."

Defense Is Hard

But defending against inference attacks is difficult.

"Traditional security methods don't work," the lead said. "AI is too 'smart'; it bypasses the rules."

New solutions include:

Input filtering: detecting abnormal inputs before they reach the model

Output auditing: checking AI responses before they reach the user

Cross-validation: using one AI to check another


"But costs are high," he said. "Small and medium enterprises can barely afford them."
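As an added illustration of the three defenses listed above (example code, not from the article or any vendor), here is a Python sketch of a defense-in-depth wrapper around an AI customer-service assistant. The assistant, the judge model and both pattern lists are constructed stand-ins; a real deployment would replace them with actual models and maintained rule sets or classifiers.

```python
import re

# Layer 1 patterns: phrasing that tries to override the assistant's instructions (constructed).
INJECTION_PATTERNS = [
    r"ignore (all |any )?(previous|prior|above) instructions",
    r"you are now (a|an) ",
    r"reveal (your|the) system prompt",
]
# Layer 2 patterns: content a support bot must never emit, e.g. phishing-style replies (constructed).
OUTPUT_RED_FLAGS = [r"https?://", r"\bpassword\b", r"verify your account"]

def input_filter(user_text):
    """Layer 1 (input filtering): reject inputs that look like override attempts."""
    for pat in INJECTION_PATTERNS:
        if re.search(pat, user_text, re.IGNORECASE):
            return False, "input matched: " + pat
    return True, "input ok"

def output_audit(answer):
    """Layer 2 (output auditing): inspect the answer before the user sees it."""
    for pat in OUTPUT_RED_FLAGS:
        if re.search(pat, answer, re.IGNORECASE):
            return False, "output matched: " + pat
    return True, "output ok"

def cross_validate(question, answer, judge):
    """Layer 3 (cross-validation): an independent judge model vets the answer."""
    return (True, "judge approved") if judge(question, answer) else (False, "judge rejected")

def guarded_answer(question, assistant, judge):
    """Run the layers in order; returns (answer or None, reason for the decision)."""
    ok, reason = input_filter(question)
    if not ok:
        return None, reason
    answer = assistant(question)
    ok, reason = output_audit(answer)
    if ok:
        ok, reason = cross_validate(question, answer, judge)
    return (answer, "passed all checks") if ok else (None, reason)

# Hypothetical stand-ins for the two models: an assistant that drifts into a
# phishing-style reply on off-topic questions, and a judge that approves an
# answer only if it shares a content word with the question.
def hypothetical_assistant(question):
    if "order" in question.lower():
        return "Your order ships within 3 days."
    return "Please verify your account at http://example.invalid/login"

def hypothetical_judge(question, answer):
    words = lambda s: set(re.findall(r"[a-z]+", s.lower()))
    return bool(words(question) & words(answer))
```

Each layer returns the reason for its decision so that a blocked request can be logged and reviewed rather than silently dropped.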

Epilogue

At an AI security conference, I met a white-hat hacker. He told me AI security is "just beginning."

"Like internet security 20 years ago," he said. "Back then people didn't care much either; they understood later."

Perhaps AI security is the next big thing. Not training, but inference.

Reference: The Quantum Insider, Reuters, New Haven Independent