Model Security Is the Wrong Frame – The Real Risk Is Workflow Security

Model Security Is the Wrong Frame – The Real Risk Is Workflow Security

Recent incidents demonstrate a critical shift in AI security: the primary risk isn’t within the AI models themselves, but in the workflows they power, with malicious Chrome extensions stealing ChatGPT data from 900,000 users. Separately, researchers showed prompt injections could compel IBM’s AI coding assistant to execute malware.

Why This Matters

Traditional security models assume deterministic software and clear perimeters, failing to account for AI’s probabilistic nature and integration into complex workflows. This mismatch creates significant vulnerabilities, as attacks targeting the context around the AI, rather than the AI itself, can have a large-scale impact – potentially leading to widespread data breaches or system compromise, costing organizations millions in remediation and reputational damage.

Key Insights

• 900,000 users affected: ChatGPT and DeepSeek chat data stolen via malicious Chrome extensions (January 2026)
• AI as workflow engine: AI systems are increasingly used to connect applications and automate tasks, blurring traditional security boundaries.
• Reco: A dynamic SaaS security platform providing visibility into AI usage and enforcing workflow-level guardrails.

Working Example

(No code example provided in the context)

Practical Applications

• Financial Institutions: Using AI chatbots for customer service while safeguarding sensitive account information.
• Pitfall: Overly permissive access controls for AI agents, allowing unintended data exposure and potential compliance violations.

References:

• https://thehackernews.com/2026/01/model-security-is-wrong-frame-real-risk.html