In short: In July 2026 the security firm Informzashchita published a study finding that 32% of vulnerabilities uncovered while pentesting AI and LLM applications are high-risk — 2.7 times higher than the average across all systems. These flaws also take the longest to fix, and 44% of incidents trace back to "shadow AI." We break down what this means for your data and how to cut the risk.
What happened
On 3 July 2026 the security firm Informzashchita released the results of its second year of monitoring the security of AI-powered applications. The finding is alarming: 32% of vulnerabilities found while testing AI and LLM services turned out to be high-risk. By comparison, across all other classes of systems that figure is about 12% — meaning the risk profile of AI apps is 2.7 times the average. For a practical guide to working safely with neural networks, see our piece on using a VPN with AI tools like ChatGPT and Claude.
Tellingly, the proportion did not change from the first year of observation — so this is not a temporary "growing pain" of a young technology but a systemic problem.
Why AI apps carry more vulnerabilities
Researchers single out flaw classes specific to AI: prompt injection, system-prompt leaks, training-data poisoning, authorization errors and weaknesses in vector stores. Many of them slip past conventional scanners: 78% of teams admitted automated tools missed critical vulnerabilities, and willingness to trust pentesting to automation alone fell from 29% to 9% in a year.
A separate headache is "shadow AI": 44% of incidents were caused by unsanctioned external services that staff plug in behind the security team's back. Whatever a user types into such a service leaves for a third-party server, outside the organization's perimeter and control.
What it means for your data
When you send a chatbot your résumé, passport details, work documents or private correspondence, that information is processed on the service's servers — and any of the flaws above can expose it to outsiders. A prompt injection can trick an assistant into revealing other users' or system data; a system-prompt leak exposes internal instructions and keys. The pace of fixes makes it worse: the median time to close critical findings rose from 19 days in 2025 to 36 days in 2026, and only 38.4% of high-risk AI flaws were remediated (versus 77.3% for APIs). In plain terms, dangerous bugs in AI services live the longest. To check whether your data has already leaked, see our guide on checking for a personal-data leak.
How to protect your data
Don't feed AI more than it needs. Never paste personal data, passwords, trade secrets or documents that must not reach third parties into a chatbot. Treat any conversation with an AI as public — everything you enter may be stored and processed.
Use official apps from trusted sources and corporate editions of services, not random "wrappers" around someone else's API — those are exactly what shadow AI is.
Separate your accounts and enable 2FA so that compromising one service does not open the door to the rest.
Shrink your network footprint. A VPN will not fix a vulnerability inside the AI app itself, but it covers the network half: it encrypts traffic on untrusted networks so data cannot be intercepted in transit, and hides your real IP from sites and your provider. See how LiMP VPN does it on our features page.
Sources
This report is based on the study by Informzashchita, published on 3 July 2026 by CNews and Anti-Malware.ru.
