Report: Security Issues Become the Primary Barrier to AI Large-Scale Deployment; Must "Fight AI with AI"

On June 23, at the 4th China International Supply Chain Expo, Li Rui, a partner in PwC China's management consulting business, released the report "From Data Poisoning to Model Jailbreaking: Reconstructing a Security System to Defend Against New AI Risks" (hereinafter referred to as the "report"), which deeply analyzes new security risks such as data contamination, prompt hijacking, and model jailbreaking in the context of large-scale AI application.

"Since 2021, the number of AI incidents and harms has grown exponentially," Li Rui stated directly. Security and risk issues have become the primary obstacle to the large-scale deployment of agent AI. Nearly two-thirds of respondents cited security and risk issues as the top barrier to fully expanding agent AI applications, a proportion significantly higher than regulatory uncertainty or technical limitations, indicating that the constraints organizations face are more about their confidence in safely deploying autonomous systems at scale.

The report shows that, based on analysis of past AI risk incidents, more than half of AI risk incidents originate from deliberate malicious human behavior, while AI system's own security and malfunctions account for only 21%, and this proportion has been relatively declining in recent years. In the single-year data for 2025, the proportion of malicious actor-type incidents jumped from 37.9% to 57%, indicating that AI is being weaponized at an increasingly rapid pace.

The report lists current AI risks: First, AI hackers upgrade, intelligently mining vulnerabilities, and automatically spreading malicious code; Second, AI-driven precision advanced attacks, making ransomware more targeted; Third, rampant deepfake content, frequent advanced social engineering attacks; Fourth, model jailbreaking triggers non-compliant outputs, putting both reputation and compliance under pressure; Fifth, AI supply chain poisoning, hidden vulnerabilities causing business disruptions; Sixth, algorithmic bias, systemic discrimination, and social injustice; Seventh, unclear sources of AI training data leading to copyright infringement; Eighth, embodied intelligence misjudgments causing physical and personal injury; Ninth, agent task chain loss of control, cascading decisions leading to irreversible consequences; Tenth, AI regulatory enforcement becoming both mandatory and fragmented, making cross-domain compliance difficult.

In almost all risk types, respondents indicated a significant gap between the risks they consider important and the risks for which they are actually taking mitigation measures. This gap is particularly pronounced in intellectual property infringement and personal privacy, suggesting that the speed of risk awareness improvement has outpaced the speed of implementing corresponding controls, processes, and tool construction, making it difficult to manage risks in a timely and effective manner.

Li Rui pointed out that machine-level confrontation leads to serious "offense-defense asymmetry," where attacks are already at machine speed, while defense still relies on manual patching, rendering traditional prevention and control ineffective. It is necessary to "fight AI with AI," conducting risk prevention and control from both the input and output ends: the input end must judge whether there are dangerous signals, and the output end must judge whether there are non-compliant contents. "Deploy AI-driven threat detection and response, network isolation and traffic control, malicious code detection and sandbox analysis, while also managing vulnerabilities and performing real-time remediation."

Data shows that as of April 2026, more than 75 countries/regions globally have introduced AI-related strategies, policies, and regulations. Technology ethics, transparency and accountability, data compliance and privacy protection remain the core focus of global regulation.

(Editor: Wen Jing)

Keyword: