Five out of 10 leading AI LLM providers have experienced data breaches
07 August 2025
Cybernews researchers have evaluated the cybersecurity postures of the top 10 large language model (LLM) providers – including OpenAI, Claude, Perplexity, and DeepSeek – and discovered that half had suffered data breaches, with one breach occurring just nine days before the audit.
The Cybernews Business Digital Index, which evaluates companies based on key cybersecurity criteria, also revealed that all providers had vulnerabilities in their SSL/TLS configurations, and several faced widespread issues in system hosting, credential hygiene, and password reuse.
Additionally, nearly half of sensitive AI prompts are submitted via personal accounts, bypassing official company channels and potentially exposing corporate data without oversight — a growing risk as LLM tools become standard in the workplace.
Key research takeaways:
• 50 percent of the top LLM providers have experienced data breaches, including OpenAI (1,140 incidents) and Perplexity AI (190 credentials leaked just 13 days before the audit)
• All providers had SSL/TLS configuration issues, exposing them to potential man-in-the-middle attacks and data interception
• Credential reuse was widespread – 35 percent of Perplexity AI employees and 33 percent of EleutherAI employees reused breached passwords
• System hosting vulnerabilities were found in eight out of 10 providers. Only AI21 Labs and Anthropic avoided major issues in this area
• The average cybersecurity score across all providers was 88/100 – but scores ranged widely, with Inflection AI receiving an F
• US and Israeli providers generally scored higher than Chinese providers – none of the Chinese companies rated above a C
• The growing use of personal accounts to interact with LLMs increases the risk of unmanaged data exposure