Cybernews researchers evaluated the cybersecurity postures of the top 10 large language model (LLM) providers — including OpenAI, Claude, Perplexity, and DeepSeek — and discovered that half had suffered data breaches, with one breach occurring just nine days before the audit.
The Cybernews Business Digital Index, which evaluates companies based on key cybersecurity criteria, also revealed that all providers had vulnerabilities in their SSL/TLS configurations, and several faced widespread issues in system hosting, credential hygiene, and password reuse.
Additionally, nearly half of sensitive AI prompts are submitted via personal accounts, bypassing official company channels and potentially exposing corporate data without oversight — a growing risk as LLM tools become standard in the workplace.
Key research takeaways:
- 50% of the top LLM providers have experienced data breaches, including OpenAI (1,140 incidents) and Perplexity AI (190 credentials leaked just 13 days before the audit).
- All providers had SSL/TLS configuration issues, exposing them to potential man-in-the-middle attacks and data interception.
- Credential reuse was widespread — 35% of Perplexity AI employees and 33% of EleutherAI employees reused breached passwords.
- System hosting vulnerabilities were found in 8 out of 10 providers. Only AI21 Labs and Anthropic avoided major issues in this area.
- The average cybersecurity score across all providers was 88/100 — but scores ranged widely, with Inflection AI receiving an F.
- U.S. and Israeli providers generally scored higher than Chinese providers — none of the Chinese companies rated above a C.
- The growing use of personal accounts to interact with LLMs increases the risk of unmanaged data exposure.
To read the full research, please click here.
Research Methodology
For this study, Cybernews researchers analyzed 10 popular LLM providers. The report evaluates cybersecurity risk across seven key dimensions: software patching, web application security, email protection, system reputation, hosting infrastructure, SSL/TLS configuration, and data breach history.
The report’s Methodology can be found here. It provides detailed information on how researchers conducted this analysis.
This entry was posted on May 27, 2025 at 9:48 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed.
5 out of 10 leading AI LLM providers have experienced data breaches