Astra Security Unveils AI Security Research, Exposing Risks in LLM Pentesting

Astra Security Unveils Research on AI Security: Exposing Critical Risks and Defining the Future of Large Language Models Pentesting

Delaware, USA / New Delhi, 01-07-2025 – Astra Security, a leader in offensive AI security solutions, presented its latest research findings on vulnerabilities in Large Language Models (LLMs) and AI applications at the prestigious cybersecurity conference CERT-In Samvaad 2025, bringing to light the growing risks AI-first businesses face from prompt injection, jailbreaks, and other novel threats.

This research not only contributes to the OWASP Top 10: LLM & Generative AI Security Risks but also forms the basis of Astra’s enhanced testing methodologies aimed at securing AI systems with research-led defense strategies. From fintech to healthcare, Astra’s findings expose how AI systems can be manipulated into leaking sensitive data or making business-critical errors—risks that demand urgent and intelligent countermeasures.

AI is rapidly evolving from a productivity tool to a decision-maker, powering financial approvals, healthcare diagnoses, legal workflows, and even government systems. But with this trust comes a dangerous new frontier of threats.

“The catalyst for our research was a simple but sobering realization—AI doesn’t need to be hacked to cause damage. It just needs to be wrong, so we are not just scanning for problems—we’re emulating how AI can be misled, misused, and manipulated,” said Ananda Krishna, CTO at Astra Security.

Through months of hands-on analysis and pentesting real-world AI applications, Astra uncovered multiple new attack vectors that traditional security models fail to detect. The research has been instrumental in building Astra’s AI-aware security engine that simulates these attacks in production-like environments to help businesses stay ahead of AI-powered risks.

Securing AI-Powered Applications with Astra’s Advanced Pentesting

Astra is pioneering security for AI-powered applications through specialized penetration testing that goes far beyond traditional code analysis. By combining human-led expertise with AI-enhanced tools, Astra’s team rigorously examines large language models (LLMs), autonomous agents, and prompt-driven systems for critical vulnerabilities such as logic flaws, memory leaks, and prompt injections. Their approach includes realistic attack simulations that mimic adversarial behavior to identify chained exploits and business logic gaps unique to AI workflows—ensuring robust protection for next-generation intelligent systems.

FinTech Examples from the Field

In one of Astra’s AI pentests of a leading fintech platform, researchers found that manipulated prompts led LLMs to reveal transaction histories and respond to “forgotten” authentication steps—posing severe risks to compliance, privacy, and user trust.

In another case, a digital lending startup’s AI assistant was tricked via indirect prompt injection embedded in a customer service email. The manipulated response revealed personally identifiable information (PII) and partial credit scores of users, highlighting the business-critical impact of context manipulation and the importance of robust input validation in AI workflows.

What’s Next: Astra’s Vision for AI-First Security

With AI threats evolving daily, Astra is already developing the next generation of AI-powered security tools: Autonomous Pentesting Agents to simulate advanced chained attacks autonomously; Logic-Aware Vulnerability Detection Tools, which are AI trained to understand workflows and context; Smart Crawling Engines for full coverage of dynamic applications; Developer Co-pilot Prompts for real-time security suggestions in developer tools; and Advanced Attack Path Mapping, in which AI executes multi-step attacker-like behavior.

Speaking on the research and the future of redefining offensive and AI-driven security for modern digital businesses, Shikhil Sharma, Founder & CEO, Astra Security, said, “As AI reshapes industries, security needs to evolve just as fast. At Astra, we’re not just defending against today’s threats, we’re anticipating tomorrow’s. Our goal is simple: empower builders to innovate fearlessly, with security that’s proactive, intelligent, and seamlessly integrated.”