Emma P. N.
$0+

Book Report: GenAI Safety and Security, Q2 2025

The second quarter of 2025 marked an unprecedented escalation in cyber breaches and AI-related security incidents across industries.

Key Trends and Highlights:


  • High-Profile Breaches: Oracle confirmed a legacy breach affecting millions of records, while AT&T disclosed the re-emergence of an 86 million record leak tied to the ShinyHunters group. Coinbase suffered dual blows: insider extortion and a controversial support-team link to India. Data brokers like LexisNexis, along with e-commerce platforms like WooCommerce and Magento, were compromised through third-party API integrations, showcasing deep vulnerabilities in software supply chains.
  • Critical Infrastructure at Risk: A ransomware proof-of-concept exploited AMD CPU vulnerabilities at the microcode level, bypassing traditional defenses and marking a new threat category. Regulatory bodies, such as the U.S. bank oversight office, reported prolonged unauthorized email access—highlighting gaps even in high-security environments.
  • AI Security and Quantum Readiness: Organizations like Thales warned of emerging quantum threats, with 60% of enterprises now prototyping post-quantum cryptographic solutions. Meanwhile, multiple reports surfaced about the misuse of AI systems for social engineering, phishing, and automated code injection. GitHub was notably tricked by AI agents reading fake public instructions—underscoring how AI can be exploited as both target and weapon.
  • Policy, Legal, and Financial Repercussions: Oracle now faces class-action lawsuits under HIPAA laws. AT&T agreed to a $177M settlement, and regulatory scrutiny has intensified worldwide. New York introduced the RAISE Act, mirroring California’s AI safety push with multi-million dollar penalty provisions.
  • Call to Action for Industry: From OWASP’s AI testing guide to Anthropic’s bug bounty and DeepMind’s red-teaming, this quarter’s response reflects an industry pivoting toward a proactive security posture centered on resilience, transparency, and adaptive risk management.

Q2 2025 will be remembered not just for the volume of breaches, but for the growing complexity and entanglement of AI, hardware, third-party systems, and human error.

The boundaries of cybersecurity now extend into firmware, cognitive systems, and global data ecosystems.

Organizations must adapt by embedding security into every layer—from model design to endpoint deployment.

Size: 385 KB
Length: 43 pages