[Digital Today reporter Chi-gyu Hwang (황치규)] IT market research firm Gartner said on Monday it identified four major cyber threats that allow attackers to gain an advantage by exploiting targeted vulnerabilities: deepfakes, AI application compromise, prompt injection and software supply chains.

Gartner assessed each threat based on “threat signals,” meaning the volume and quality of available information, and “organisational response capabilities,” meaning how effectively a threat can be managed. It classified the threats into six areas.

Gartner said advances in generative AI have significantly improved the scale, precision and accessibility of deepfake creation across voice, video and images. As deepfakes move beyond pre-produced content to real-time generation, risks have also increased that attackers can impersonate identities through various channels. This can be abused to attack biometric authentication procedures, carry out real-time social engineering attacks targeting employees, and disrupt recruitment processes.

AI application compromise has also emerged as a key threat as attackers target enterprise and in-house AI tools deployed in corporate operating environments. With a wider attack surface spanning in-house agents, third-party integrations and employee-only apps, sensitive data or credentials can be exposed if security is weak.

Prompt injection targets AI systems, especially large language models (LLMs). Attackers inject maliciously manipulated prompts to distort how model algorithms operate, causing sensitive information to leak externally or inducing unauthorised tasks while bypassing existing security controls. Gartner said the risk is rising as enterprise adoption of generative AI expands, making it a priority task for cyber security teams.

On software supply chain threats, Gartner said advances in generative AI solutions will accelerate the trend of software supply chain attacks that target vulnerabilities in open-source software. It stressed that companies should build trusted component repositories, strengthen CI/CD pipelines and establish robust capabilities to detect and respond to operational anomalies.

John Watts (존 왓츠), a Gartner vice president analyst, said AI companies adopting security initiatives are adding to confusion in an already complex threat environment. He said cyber security leaders must identify threat signals amid the confusion and respond swiftly to changes in the threat landscape.