惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Recent Announcements
Recent Announcements
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
量子位
博客园 - 司徒正美
Security Archives - TechRepublic
Security Archives - TechRepublic
P
Palo Alto Networks Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Cyberwarzone
Cyberwarzone
小众软件
小众软件
T
Threatpost
Latest news
Latest news
J
Java Code Geeks
博客园 - Franky
博客园 - 三生石上(FineUI控件)
Project Zero
Project Zero
P
Privacy & Cybersecurity Law Blog
T
Tenable Blog
L
Lohrmann on Cybersecurity
大猫的无限游戏
大猫的无限游戏
WordPress大学
WordPress大学
Apple Machine Learning Research
Apple Machine Learning Research
Scott Helme
Scott Helme
Simon Willison's Weblog
Simon Willison's Weblog
C
CXSECURITY Database RSS Feed - CXSecurity.com
P
Privacy International News Feed
人人都是产品经理
人人都是产品经理
S
Schneier on Security
T
The Blog of Author Tim Ferriss
V
V2EX
有赞技术团队
有赞技术团队
Y
Y Combinator Blog
罗磊的独立博客
IT之家
IT之家
雷峰网
雷峰网
H
Help Net Security
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tor Project blog
C
Cybersecurity and Infrastructure Security Agency CISA
I
InfoQ
GbyAI
GbyAI
博客园 - 叶小钗
PCI Perspectives
PCI Perspectives
The GitHub Blog
The GitHub Blog
Martin Fowler
Martin Fowler
H
Heimdal Security Blog
Spread Privacy
Spread Privacy
博客园_首页
A
About on SuperTechFans
T
Tailwind CSS Blog
The Register - Security
The Register - Security

AI demand is so high, AWS customers are trying to buy out its entire capacity | Network World

Cisco: Latest news and insights 2026 network outage report and internet health check Selector targets the network visibility gap in multi-cloud infrastructure Top network and data center events of 2026 How AI is transforming network incident response (and where it still falls short) Google opens TPUs to enterprises beyond its own cloud via Blackstone JV AI, cybersecurity skills top IT pay premiums Startup Bolt Graphics promises 5x performance over Nvidia’s best GPU Wireless security is a battle of AI vs. AI NetOps teams look to AI to automate Day 2 operations Digital twins reshape network and data center management Network outages, power failures strain data center resiliency Five takeaways from Cisco's blowout quarter and what it means to customers Cisco to cut nearly 4,000 jobs despite strong growth in AI, enterprise networking Startup SPAN teams with Nvidia to put data center nodes in your backyard Hard drive shortage affecting enterprise storage needs Wi-Fi 8 is closer than you think. Here’s what you need to know Cisco open-sources agentic AI security spec HPE revamps private cloud stack for enterprises rethinking VMware Versa takes aim at fragmented enterprise security with CSPM, orchestration update, and AI agent controls Red Hat opens Ansible to AI agents, within limits Red Hat offers endless Linux support — for a fee Red Hat: Sovereignty is more than just compliance Tech job postings hit three-year high as AI demand fuels hiring rebound HPE memory server targets compute-heavy and agentic AI workloads PCI group begins work on new spec to support bandwidth-hungry apps like AI, HPC Q&A: Quantum physicist Sonia Fernández-Vidal on why classical computing isn't going anywhere OpenAI-led consortium seeks to address AI processing bottlenecks AWS hit by US-East-1 outage after data center thermal event Gluware's Titan rises to meet Mythos network vulnerability challenge AMD launches AI-targeted PCIe cards for current servers Supply constraints, optical advances dominate Arista's Q1 Lumen advances cloud networking vision with $475M Alkira buy HPE bolsters autonomous network operations for Mist, Aruba Central Netskope launches AI agents for SOC and NOC automation Intel, behind in AI chips, bets on quantum and neuromorphic processors Switch storm coming: Gartner forecasts price hikes, long lead times for enterprise data center switches Extreme moves toward autonomous networking with advanced AI agent, management tools Broadcom bets big on VMware Cloud Foundation 9.1 IBM unveils its blueprint to help enterprises run AI at the core of their business Ruckus Networks on the move again, this time acquired by Belden for $1.85 billion AMD and Intel partner to deliver AI performance advancement Cisco grabs Astrix to secure AI agents Beyond the pitch: A look at Atlético Madrid's connected stadium StarlingX 12.0 is right on time for mixed-hardware edge deployments Cisco nerds out: May the Fourth be with your AI assistant Memory shortage and cost surge push enterprises toward the cloud Extreme Networks: Memory advantage, Wi-Fi 7 and competitive flux drive momentum Scenes from the great data center revolt Enterprise Spotlight: Transforming software development with AI When 170,000 people show up: Network refresh readies Churchill Downs for Kentucky Derby IT certification pay surges as noncertified skills slump QuEra claims quantum error correction breakthrough with 2-to-1 qubit ratio HPE expands ProLiant line with rugged edge servers Deconstructing the data center: A massive (and massively liberating) project Cisco bolsters security, AI support in latest SD-WAN release The era of chatbot AIOps is fading as agentic AI gains traction Auvik bets agentic AI can fill the networking skills gap AI data flows force rethink of data center networking at Backblaze Nvidia's 'AI insurance policy' balances immediate and future AI approaches Cirrascale to offer on-prem Google Gemini models Space data-center news: Roundup of extraterrestrial AI endeavors Network jobs watch: Hiring, skills and certification trends Cisco switch aimed at building practical quantum networks How AI is changing copper, fiber networking Almost 40% of data center projects will be late this year, 2027 looks no better It’s the end of set-and-forget security Google bets on workload-specific TPUs with 8t and 8i launch SUSE bets automated migration can break VMware's grip on virtualization How Zero Networks is closing the network enforcement gap for AI agents Cloudflare wants to rebuild the network for the age of AI agents AI fuels wireless talent shortage Broadcom's Facebook friend will help train it to accelerate AI workloads Data centers are costing local governments billions Equinix offering targets automated AI-centric network operations AI shifts IT roles from operator to orchestrator IBM unveils security services for thwarting agentic attacks, automating threat assessment Maine to put brakes on big data centers as AI expansion collides with power limits Satellite backhaul service Globalstar has a new, rich owner amid challenging market conditions DNS security is often inadequate, and network engineers should get more involved Curious about quantum? Check out training options from ISC2, IBM, AWS and more Cisco just made moves to own the AI infrastructure stack Data centers are moving inland, away from some traditional locations Fixing encryption isn't enough. Quantum developments put focus on authentication Intel: Latest news and insights Linux 7.0 debuts with some big changes for networking Intel secures Google cloud and AI infrastructure deal OpenAI puts part of Stargate project on hold over runaway power costs Broadcom strikes chip deals with Google, Anthropic Cisco to acquire Galileo for AI observability Neoclouds gain momentum in a supply-constrained world Lumen: Upstream network visibility is enterprise security's new front line Yael Nardi joins Minimus as Chief Business Officer to head growth strategy Nvidia Rubin GPUs may be delayed, slowing the next phase of AI infrastructure What is AI networking? How it adds intelligence to your infrastructure Google owns the most AI compute, and it built it its way Aria Networks raises $125M and debuts its approach for AI-optimized networks Intel bets on Terafab to help it reassert itself in the AI chip race New v2 UALink specification aims to catch up to NVLink Cisco joins Anthropic’s multivendor effort to secure AI software
Cisco research finds standard AI safety benchmarks miss the real threat
by Sean Michael Kerner Contributing Writer · 2026-05-27 · via AI demand is so high, AWS customers are trying to buy out its entire capacity | Network World

Multi-turn attacks expose gaps in frontier AI model safety, Cisco warns.

Enterprises deploying closed AI models have generally relied on published safety benchmarks to assess risk before procurement and deployment decisions. New research from Cisco’s AI Threat Intelligence and Security Research team finds those benchmarks may systematically understate the threat.

Standard safety tests submit a single adversarial prompt and record the model’s response. Multi-turn attacks work differently. An attacker maintains a conversation across multiple exchanges, iterating and adapting based on each response until the model yields.

The report pairs single-turn and multi-turn adversarial evaluation across 15 closed/proprietary frontier models from OpenAI, Anthropic, Google, Amazon and xAI. Running 30,090 single-turn prompts and 6,986 multi-turn attacks, the team found that the two evaluation regimes produce different model rankings, different failure maps and different risk profiles. Every model tested failed a non-trivial share of multi-turn attacks.

Key findings from the research:

  • Multi-turn attack success rate (ASR) ranged from 7.89% to 88.30% across all 15 models, against a single-turn range of 2.19% to 64.91%.
  • Eight of 15 models showed an absolute gap greater than 15 percentage points between the two regimes.
  • Anthropic’s Claude family, which posted the lowest single-turn ASR in the cohort at 2.19% to 3.64%, still reached 11.16% to 16.20% under iterative attack.
  • Single-turn failures concentrated in three procedures: Imposter AI at 37.50% weighted ASR, Soft Paraphrase at 29.21% and System Prompts at 27.69%

The findings challenge a common assumption in enterprise AI procurement. 

“The surprising thing here is really that a lot of people accept and kind of understand these frontier labs as being state of the art, but they don’t necessarily think through the security and safety implications of that,” Amy Chang, head of AI threat and security research at Cisco, told Network World. “What this research does is kind of showcase that there is still variance across the different models, and how strong they are with the internal guardrails that are built within the model against these types of attacks.”

How multi-turn attacks work

In a multi-turn attack, the adversary does not present the harmful request upfront. Intent builds gradually across exchanges, with each prompt appearing benign in isolation while steering toward a harmful outcome. The model processes each turn without recognizing the pattern forming across the conversation.

The research tested five attack strategy families:

  • Crescendo escalation. The attacker escalates the ask incrementally, each prompt appearing harmless until the full picture emerges. “It seems like, oh, benign prompt, benign prompt, benign prompt, but as it builds, you start to put the pieces together,” Chang said.
  • Refusal reframe. When the model declines a request, the attacker reframes their identity or purpose to push past it. “You reframe the refusal and be like, no, no, you don’t understand, I’m not a bad person, this is what I need it for,” she said.
  • Role-play and persona adoption. The attacker assumes a character or persona, shifting the conversational framing so the model perceives a different obligation to comply. The report identifies this as the highest-weighted strategy family in the cohort at 29.89% weighted ASR.
  • Contextual ambiguity and misdirection. The attacker uses vague or misleading framing to obscure the true nature of the request, steering the conversation without stating harmful intent directly.
  • Information decomposition and reassembly. The attacker breaks a harmful request into component parts distributed across multiple turns, each appearing innocuous in isolation. The model responds to each piece without recognizing the assembled outcome.

What multi-turn failures say about AI safety

Every model in the cohort failed a meaningful share of multi-turn attacks. The root cause is structural. Chang said the vulnerability is a fundamental characteristic of how generative AI models work. They are probabilistic systems trained to predict the next likeliest token, and that mechanism produces unintended outputs that pre-deployment testing cannot fully eliminate. For closed models, where training data is not publicly disclosed, the problem is compounded because defenders cannot fully audit what the model has learned.

The pattern is not limited to closed models. Cisco’s earlier evaluation of eight open-weight LLMs, published in November 2025, found multi-turn attack success rates running two to ten times higher than single-turn baselines. The report concludes that multi-turn vulnerability is a structural property of the current AI frontier regardless of whether model weights are public or proprietary, and regardless of whether a lab publicly emphasizes safety or capability.

The exposure grows significantly larger when those same models power agentic workflows. “These models are the ones that power agents, and agents have broader access, broader ability to conduct actions on behalf of the human,” Chang said.

The network layer as a defense point

For network security professionals, the instinct is to apply a familiar paradigm: Proxy LLM traffic at the network layer, inspect inputs and outputs, and enforce policy the same way a WAF or IPS handles web traffic. Chang said that instinct is right in part, but LLM security introduces a dimension that signature-based controls cannot address. The difference is intent. 

“There’s also an intent component there as well, where traditional network security approaches kind of fall short,” Chang said. 

A WAF operates on known patterns, payload signatures, protocol violations, known attack strings. Natural language does not reduce to those primitives. An agent responding to an instruction to delete a home directory cannot determine from the request alone whether the person asking is authorized or is attempting to manipulate the agent into a destructive action. 

Network-layer inspection remains a valid baseline for deployments that generate network traffic. “I would say that that is one component of a core principle that should be applied in terms of making sure that at least as traffic gets passed through the network layer, whether they’re inputs or outputs, should have some sort of either guardrail or sanitation check to ensure that the prompts that are coming back and forth are safe,” she said.

Evaluation practices for enterprise teams

For security teams reading the report, Chang’s guidance centers on three actions.

  • Use the report and the LLM Security Leaderboard to inform model selection. Cisco’s leaderboard publishes adversarial evaluation signals against leading models on a rolling basis and gives security teams a more current picture than static model cards or published benchmarks.
  • Do not take vendor safety claims at face value. Published single-turn benchmarks can misrank models by a wide margin. Multi-turn exposure is invisible to any single-turn evaluation, and procurement decisions made on that basis carry unquantified risk.
  • Layer additional defenses on top of the model. No base model in the cohort is safe under iterative attack. Runtime guardrails, application-layer controls, and pre-deployment testing are necessary regardless of which model an organization selects.

“Out of the box, without any additional protections, these models, whether they’re closed or open, are insufficient on their own to kind of be used in a way that [has] potential ramifications,” Chang said.

SUBSCRIBE TO OUR NEWSLETTER

From our editors straight to your inbox

Get started by entering your email address below.