• Platform
    Mend-io-logo-mark
    AI Native AppSec Platform Take a tour
    The new era of ai-powered application security. Part two: ai security vulnerability and risk - ai
    Mend AI Secure AI powered applications
    Mend sast icon
    Mend SAST Secure proprietary code 10x faster
    Mend container small icon
    Mend Container Container security done right
    The new era of ai-powered application security. Part two: ai security vulnerability and risk - sca
    Mend SCA Decrease open source risk
    The new era of ai-powered application security. Part two: ai security vulnerability and risk - renovate
    Mend Renovate Automate dependency updates
    Expand AppSec coverage
    The new era of ai-powered application security. Part two: ai security vulnerability and risk - dast icon 1 DAST The new era of ai-powered application security. Part two: ai security vulnerability and risk - apis icon 1 API security The new era of ai-powered application security. Part two: ai security vulnerability and risk - eol icon EOL support
    Platform Benefits
    The new era of ai-powered application security. Part two: ai security vulnerability and risk - repoi icon Repo integration Scalability-icon Scalability The new era of ai-powered application security. Part two: ai security vulnerability and risk - reachability icon Reachability
  • Solutions
    Ai models risk - nav bar icon
    AI app security Manage risks in AI models and agents
    Ai-red-teaming-icon-
    AI red teaming Test and secure conversational AI
    The new era of ai-powered application security. Part two: ai security vulnerability and risk - ai gen code security nav bar icon 36x36 1
    AI gen code security Real-time AI code security
    Sbom - nav bar icon
    SBOM Move from static to effective SBOMs
    Runtime-security-nav-bar-icon
    Dynamic testing Test for risks in running applications
    Code scanning - nav bar icon
    Code scanning Find and fix known vulnerabilities
    Open source license nav bar icon
    Open source security Prevent. Prioritize. Automate.
    Open source license - nav bar icon
    Open source compliance Risk management for OSS licenses
    Dependency updates - nav bar icon
    Dependency updates Reduced risk, better code
    Container security container security
    Container security Container security, simplified
  • Company
    About us - nav bar icon
    About us Who we are
    Careers nav bar icon
    Careers Join our team
    Partners - nav bar icon
    Partners Meet our partners
    Events - nav bar icon
    Events Upcoming events
    Newsroom - nav bar icon
    Newsroom The latest Mend.io news
    Contact-us nav bar icon
    Contact us Connect with us
  • Resources
    Resource center - nav bar icon
    Resource center View our latest resources
    Blog - nav bar icon
    Blog The latest AppSec news and insights
    Podcast-icon
    Podcast Insights from leading experts
    Customers - nav bar icon
    Customers View our customer case studies
    Integrations - nav bar icon
    Integrations Find your integration
    Langugages nav bar icon
    Languages Find your language
    Vulnerability database - nav bar icon
    Vulnerability database Mend.io's OSS vulnerability database
    Documentation - nav bar icon
    Documentation Product and feature documentation
    Featured
    The new era of ai-powered application security. Part two: ai security vulnerability and risk - featured image
    A CISO’s Guide to Securing AI from the Start
    The new era of ai-powered application security. Part two: ai security vulnerability and risk - practical guide to sast white paper image
    A Practical Guide to Making the Most of your SAST Investment
Schedule a Demo

The New Era of AI-Powered Application Security. Part Two: AI Security Vulnerability and Risk

Rami Elron July 18, 2023 3 min read
AI Security
The New Era Of AI-Powered Application Security. Part Two

This is the second part of a three-part blog series on AI-powered application security.

Part One of this series presented the concerns associated with AI technology that challenge traditional application security tools and processes. In this second post, we focus on the security vulnerabilities and risks that AI introduces. Part Three will explore practical strategies and approaches to cope with these challenges.

The Dual Nature of AI Security Risk

AI-powered tools are particularly vulnerable at the model level. If the model is trained on partial, biased, or compromised data, the system may deliver inaccurate assessments or recommendations. This could include misleading security scan results or inappropriate policy suggestions.

Malicious actors may even deliberately tamper with model data to undermine its integrity. In these cases, AI tools intended to improve security might actually increase risk. It’s also important to remember that traditional software vulnerabilities—such as injection flaws, data leakage, and unauthorized access—still apply to AI-powered systems. In addition, there are entirely new classes of vulnerabilities unique to AI and machine learning models.

AI in the Hands of Malicious Actors

AI is not only a potential point of failure—it is also a powerful tool for attackers. Malicious actors can use AI to discover vulnerabilities faster and more thoroughly than ever before. The scale and speed of these efforts dramatically raise the potential impact of attacks.

One emerging risk involves the exploitation of business logic vulnerabilities caused by weak enforcement of inter-service security policies. These flaws may not be detectable through conventional code analysis or runtime inspection. Instead, they may only emerge when multiple independent components interact in specific, state-dependent ways.

AI can help detect these complex vulnerabilities—but it can also be used to exploit them, making it a double-edged sword.

The New Era of AI-Powered Application Security. Part Two: AI Security Vulnerability and Risk - large Security Vulnerabilities and Risk

Risks in AI-Powered Remediation

Without appropriate safeguards, using AI for remediation can be dangerous. Vulnerability fix suggestions generated by AI may inadvertently include malicious code. These embedded threats can be difficult to detect, especially when the AI-generated suggestions appear syntactically correct and plausible.

Overreliance on AI-generated fixes without human review increases the likelihood of such scenarios, particularly in time-pressured development environments.

The False Sense of Trust in AI-Powered Security Tools

One of the more subtle but critical risks involves the illusion of trust. Because AI tools often deliver responses in a confident and fluent manner, users may assume their recommendations are correct and comprehensive.

For example, developers without deep AppSec expertise might rely on AI to generate security advice using natural language prompts. However, if the prompts are vague or imprecise—as they often are—AI may respond with incomplete or inappropriate advice. The result is a misplaced sense of security that could lead to under-protected applications.

Preparing for What Comes Next

How should security teams and development organizations respond to these growing risks?

Reaping the benefits of AI requires a new level of awareness, oversight, and validation. While the evolution of AI-powered application security is still in its early stages, now is the time to assess how this technology introduces risk—and to start defining the controls, review processes, and trust boundaries needed to use it safely.

In the next post, we’ll explore concrete approaches to mitigating AI-related security risks in real-world software development environments.

Build a proactive AppSec program

Read the report

About the author

The New Era of AI-Powered Application Security. Part Two: AI Security Vulnerability and Risk - Rami Elron picture
Rami Elron
Senior Director of Product Innovation, Mend.io

Rami Elron is the Senior Director of Product Innovation at Mend.io, driving application security strategic initiatives and thought leadership. Rami has defined and led the product specification for major staples of Mend.io’s portfolio, including the company’s prioritization offering. An industrial engineer, Rami has over 25 years of technology innovation and leadership experience with companies such as IBM, BMC Software, and more, directing large-scale projects, and leading successful customer-facing engagements in application and data security, enterprise storage, UX design and business strategy. Rami has lectured in academia, presented at numerous industry conferences and webinars, co-authored books, and international security-related standards, and is a co-inventor of patents in advanced technology areas.

Recent resources

The New Era of AI-Powered Application Security. Part Two: AI Security Vulnerability and Risk - what is an AI BOM blog post

What is an AI Bill of Materials (AI BOM)?

Mend.io Team Aug 20, 2025
AI Models Risk

Learn how to create and automate an AI BOM.

Read more
The New Era of AI-Powered Application Security. Part Two: AI Security Vulnerability and Risk - Blog graphic Gen AI Security

What is Generative AI Security?

Mend.io Team Aug 19, 2025
AI Models Risk

Learn what generative AI in cybersecurity is and how to secure against threats.

Read more
The New Era of AI-Powered Application Security. Part Two: AI Security Vulnerability and Risk - Blog image Hallucinated package attacks 2x

The Hallucinated Package Attack: Slopsquatting

Daniel Wyrzykowski Aug 15, 2025
AI Models Risk

Learn how AI-generated code can lead to fake package installs and attacks.

Read more

© 2025 Mend.io (White Source Ltd.) All rights reserved.