A Lifecycle and Application-Stack Survey of Large Language Model Vulnerabilities: Attacks, Risks, Defenses, and Open Problems
Summary
A comprehensive survey published on 2026-06-30 details vulnerabilities in large language model (LLM) systems, emphasizing that security risks extend beyond model weights to the entire application lifecycle and stack. The paper organizes attacks across eight stages: data collection, pretraining, post-training alignment, model packaging and supply chain, retrieval and memory, prompting and inference, tool/agent execution, and deployment/maintenance. For each stage, it analyzes attacker capabilities, security objectives, representative attacks, practical risks, evaluation practices, and defenses. The survey maps LLM-specific vulnerabilities to confidentiality, integrity, availability, safety, privacy, fairness, accountability, and agency-control objectives, highlighting how trust boundaries fail and untrusted data becomes executable instructions.
Key takeaway
For AI Security Engineers building or deploying LLM systems, you must shift your focus beyond model weights to the entire application lifecycle and stack. Evaluate security across all eight identified stages, from data collection to agent execution, to identify where trust boundaries fail. Prioritize defenses that address untrusted data becoming executable instructions and mitigate risks from delegated authority to prevent amplified model errors.
Key insights
LLM security must encompass the full application lifecycle and stack, not just model weights.
Principles
- Untrusted data can become executable instruction.
- Delegated authority amplifies model errors.
- Point defenses rarely compose effectively.
Method
The paper systematizes LLM vulnerabilities by organizing attacks across eight lifecycle and application-stack stages, analyzing risks and defenses for each.
In practice
- Focus on compositional security.
- Implement provenance-aware retrieval.
- Develop tool-call containment strategies.
Topics
- LLM Vulnerabilities
- Application Security
- AI Lifecycle Security
- Prompting Attacks
- Agent Security
- Supply Chain Security
Best for: CTO, AI Architect, Research Scientist, AI Security Engineer, AI Scientist, AI Engineer
Related on AIssential
Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence.