December 11, 2025

Qualys TotalAI: Mitigating OWASP LLM Top 10 Security Risks

Author015 mins


Executive Summary

Enterprises are entering a phase where AI systems function as decision engines that shape customer interactions, operational workflows, and business outcomes. This creates a new class of risk that is behavioral, contextual, and dynamic, driven by how models interpret instructions, handle data, and adapt within distributed environments. Security teams need a framework that makes this behavior observable, testable, and governable as AI adoption scales.

Qualys TotalAI advances this goal by unifying discovery, testing, and runtime monitoring into a single operating layer. The latest release enhances onboarding, expands detection depth across emerging attack techniques, and strengthens compliance-ready reporting, giving organizations a disciplined and scalable way to secure AI without slowing development.

Introduction

Artificial intelligence is becoming a core operating layer across products, workflows, and customer experiences. As models power more decisions, organizations need a clearer view of how those systems behave, interact with data, and respond under real-world conditions. The challenge is not only adversarial prompts or unsafe outputs, but the cumulative complexity that emerges as AI moves across cloud environments, MLOps pipelines, and enterprise applications. Traditional security tools were not designed to interpret this new layer of logic, which is why organizations need controls that match the speed and structure of modern AI.

TotalAI is designed to close this visibility gap by assessing, monitoring, and governing AI systems across their lifecycle. In early deployments, TotalAI has generated more than one million findings across customer environments, with the majority of tested Large Language Model Applications (LLMs) exhibiting some form of prompt-injection susceptibility before mitigation. The data reinforces a simple point: meaningful AI adoption requires continuous, structured security insight, not one-time validation.

Qualys Insights

A Practical Framework for Making AI Security Work at Enterprise Scale

AI moves quickly across cloud platforms, data pipelines, and application layers. Security needs a way to keep that pace without adding friction. TotalAI brings model-aware visibility and discipline to environments that evolve continuously.

With Qualys TotalAI, you can:

  • Gain visibility into every AI workload, model, and model context protocol (MCP) Server across multi-cloud and on-prem environments, so teams work from a consistent source of truth.
  • Evaluate models for bias, prompt injection, jailbreak susceptibility, unsafe output, and other  Top 10 LLM vulnerabilities for LLM applications highlighted by the Open Worldwide Application Security Project (OWASP).
  • Harden infrastructure by detecting and prioritizing AI-specific vulnerabilities that could result in data or model theft.
  • Prioritize remediation using TruRisk™ to connect AI risks to business impact.
  • Report with confidence using executive-ready dashboards aligned with frameworks like OWASP LLM Top 10 and Adversarial Threat Landscape for Artificial-Intelligence Systems (MITRE ATLAS) for clear AI compliance reporting.
The business benefits of Qualys TotalAI, including visibility into LLM security risks

What’s New with Qualys TotalAI

To help organizations secure AI at scale with even greater ease and depth, the latest TotalAI release strengthens that lifestyle approach with improvements that simplify model onboarding, expand detection capabilities, enhance runtime coverage, and make compliance reporting more transparent. These enhancements help teams integrate AI security into existing engineering workflows without slowing model development or deployment.

Easy Model Onboarding

TotalAI now streamlines onboarding by automatically discovering models and AI services across your cloud environments through existing cloud connectors. The latest release ensures that discovered assets can be enrolled directly into security testing and AI risk assessment with minimal configuration, giving teams an immediate view of model behaviors, data interactions, and risk signals across their environments.

Screenshot of the Qualys TotalAI onboarding screen

Qualys TotalCloud

Support for Databricks Runtime

Many customers run models in Databricks, leveraging its unified Data+AI platform for seamless ingestion, training, and deployment. Our latest upgrades add support for Databricks Runtime, a common choice for large-scale training and inference.

With this addition, TotalAI extends coverage beyond AWS Bedrock, Azure OpenAI, Google Vertex, Hugging Face, and other providers that support chat completion endpoints, enabling comprehensive testing across hybrid environments where enterprise AI is built and operated.

Expanded Risk Assessment Coverage

Attack techniques targeting AI systems are evolving quickly, and TotalAI now includes new detection capabilities that address some of the most impactful emerging patterns. These updates strengthen both confidentiality controls and behavioral safety analysis.

  • Sensitive Information Disclosure attacks:
    Twenty-one new checks identify when models expose sensitive data through indirect prompts, diagnostic formats, role-play abuse, simulation, factory reset flow, or configuration artifacts. These detections help teams ensure that business logic, operational data, and internal instructions are not revealed through unintended model behaviors.
  • New Jailbreak attacks: Five new QIDs  identify jailbreak patterns that attempt to override model safeguards by manipulating conversation structure, context resets, or tool-call behavior. These checks help maintain consistent control over how models respond under adversarial conditions.
  • New KB attacks: TotalAI now adds six new QIDs to detect jailbreak attempts that undermine model safeguards by creating false affirmations, fabricating conversation history, smuggling instructions across token boundaries, resetting the conversation to a hostile system prompt, or abusing function and tool interfaces as control mechanisms. These behaviors can enable data exfiltration, privilege escalation, or full workflow compromise.
  • Package Hallucination: Detects when a model fabricates credible but non-existent internal package references, a behavior that can introduce hidden pathways for supply chain compromise if left unchecked.
  • Model Denial of Service: Identifies patterns of uncontrolled compute, memory, or token consumption that signal an emerging Denial-of-Service condition, ensuring AI systems remain available and performant under stress.
  • Multimodal Jailbreak: Surfaces attempts to bypass model safeguards through coordinated multimodal prompts, protecting systems from being steered into generating prohibited or harmful outputs.
  • Mixed-Translation Jailbreak: Recognizes multilingual prompt constructions engineered to evade content filters, reinforcing the integrity of model governance across diverse linguistic inputs.
Flowchart illustrating new detections in Qualys TotalAI

Enhanced Reporting

AI security is ultimately about AI risk management and compliance. TotalAI simplifies communication and accountability with:

  • Rich, customizable dashboards to monitor AI attack surfaces and risks.
  • Detailed engineering reports with full issue context for faster remediation.
  • Executive-ready summaries aligned with frameworks such as OWASP LLM Top 10 and MITRE ATLAS to communicate AI risk posture to stakeholders.

These updates make it easy to demonstrate AI security compliance and maintain audit readiness.

Seamless Integration with MLOps Pipelines

TotalAI now integrates directly into MLOps pipelines through APIs that trigger testing during build, validation, or deployment stages. Pipelines can pass or pause based on security results, ensuring that only validated models progress. Once deployed, TotalAI continues monitoring behaviors and correlates findings with threat intelligence and TruRisk™ to support governed, responsible AI operations.

Conclusion

As AI systems take on more responsibility across the enterprise, the real advantage lies in understanding how they behave within the environments that shape them. The question is no longer whether models can create value, but whether that value can be delivered with traceability, consistency, and accountability.

TotalAI provides that coherence by introducing a common operating layer that allows security, engineering, and governance to interpret model behavior through the same analytical frame. When AI development becomes observable in this way, risk signals become clearer, oversight becomes a routine part of the workflow, and scale becomes an intentional choice rather than a structural challenge.

Strengthen the reliability of your AI programs with structured insight and measurable control.

Frequently Asked Questions (FAQs)

What does Qualys TotalAI secure?

TotalAI identifies vulnerabilities, unsafe behaviors, and attack patterns across AI models, supporting infrastructure, and model-control services. It provides continuous security testing that helps teams understand how these systems behave in real environments. The insights from this testing strengthen the organization’s ability to secure AI systems across their lifecycle.

How is TotalAI different from traditional cloud or application security tools?

Traditional tools analyze code, configurations, and infrastructure. TotalAI adds a model-aware layer that evaluates how LLMs interpret instructions, respond to adversarial prompts, and interact with connected services across AI pipelines.

Does TotalAI store training data or internal model content?

No. TotalAI tests models through controlled prompts and does not store training datasets, proprietary business logic, or model weights.

Which AI platforms and runtimes does TotalAI support?

TotalAI tests models across Databricks Runtime, AWS Bedrock, Azure OpenAI, Google Vertex, Hugging Face, and hybrid deployments. Assessments run through cloud connectors or API interactions so models are validated where they operate.

Can TotalAI integrate into CI/CD or MLOps pipelines?

Yes. TotalAI can trigger model security tests during build, validation, or deployment through simple API calls. Pipelines can be configured to pass or pause based on security results.

What types of AI attacks does TotalAI detect?

Coverage includes prompt injection, jailbreak patterns, sensitive data disclosures, multilingual and multimodal bypasses, package hallucinations, and model-level denial-of-service behaviors. New detections are added as attack surfaces evolve.

Does TotalAI require changes to model architecture or pipelines?

No. TotalAI evaluates models in place and does not modify architectures, training processes, or production runtimes.

How does TotalAI help with compliance and governance?

Dashboards and reports map security findings to frameworks such as OWASP LLM Top 10 and MITRE ATLAS, making it easier to demonstrate control effectiveness, document model behavior, and support audit readiness.

Can TotalAI scale across multi-cloud and hybrid environments?

Yes. TotalAI discovers and monitors AI workloads across AWS, Azure, GCP, on-prem, and hybrid setups any models that support chat completion endpoint, presenting all findings in one unified, enterprise-wide view. It can test internal models as well as internet facing models

Contributors

Samrat Sreevatsa, Manager, Engineering, Qualys



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Related News