Terra Security finds widespread exploitable flaws in AI-driven applications, Copilot, and AI-generated code

BOSTON–(Business Wire)–Terra Security, a pioneer in agent-driven continuous threat exposure management (CTEM), today announced findings from a recent continuous penetration testing effort that uncovered exploitable vulnerabilities in AI-powered applications, copilots, and AI-generated code workflows. In response, the company released a new module as part of its continuous penetration testing platform. This allows security researchers to continuously simulate attacks on AI systems at scale and discover such vulnerabilities.

Over the past few months, Terra has been conducting adversarial testing across applications built with AI coding tools like Claude Code, fast AI app generation platforms like Lovable and Base44, and enterprise software that incorporates AI chat interfaces and co-pilots. The company reports that Terra Security researchers have discovered recurring vulnerability patterns that differ from traditional software security flaws, such as CVE-2026-25724, which was discovered in Anthropic’s Claude Code.

The study found that 100% of applications that incorporated AI chat or co-pilot had AI-related security vulnerabilities.

Real-world AI vulnerabilities observed in production environments at large enterprises:

  • Prompt injection attacks on AI co-pilots

  • Indirect prompt injection via embedded or third-party content

  • Leakage of sensitive system prompts

  • Cross-tenant data disclosure in AI co-pilots

  • Privilege escalation via AI tool execution chains

  • Reverse shell execution through AI-enabled command workflows

  • Broken approval logic in AI-generated business processes

  • Exposure of internal APIs introduced during AI-assisted enhancements

  • Cross-site scripting via LLM prompt injection leading to authentication bypass

“Some of these issues are not due to malicious intent or obvious misconfigurations, but rather complex interactions between AI agents, application logic, and operational tools,” said Shahar Peled, CEO and co-founder of Terra Security. “As AI systems commit vulnerable code, change configurations, and interact with pipelines, organizations need visibility not just to theoretical risks but to actual exploitability in production environments. We’re proud to provide a way for penetration testers to continuously monitor these actions using the Terra platform.”

Because AI agents are granted broad access to repositories, APIs, and infrastructure tools, small validation gaps can quickly grow across your environment. Anthropic’s recent security enhancements to Claude Code reflect the industry’s increased focus on finding vulnerabilities at the code level. While Terra Security supports these advances, we emphasize that code-level vulnerabilities alone do not determine the exploitability of a deployed live application.

“Traditional scanners look for known patterns,” said Gal Malachi, CTO and co-founder of Terra Security. “What we’re seeing in AI-powered systems are contextual vulnerabilities that occur when a model behaves as designed but the surrounding application or permissions model allows for unintended consequences. Prompt injections may not resemble traditional code flaws, but they can still expose sensitive data or cause dangerous actions when safeguards are incomplete.”

About Terra Security

Terra Security provides continuous penetration testing powered by Agentic AI that aligns with code changes and evolving attack surfaces, combining a swarm of trained AI agents with human oversight for safety and control. The company works with Fortune 500 companies to ensure full attack surface coverage across web, AI, internal apps, APIs, mobile, network, and cloud. It won the 2025 CrowdStrike/AWS/NVIDIA Cybersecurity Accelerator and is backed by SYN Ventures, Felicis, Lama Partners, SVCI, Underscore VC, Dell Technologies Capital, and Capital One Ventures. The company is based in the United States and Tel Aviv. For more information, please visit terra.security.
