Are your AI tools secure? New analysis reveals gaps among market leaders

2025-06-26
As many as 58% of large language model (LLM) users have tried two or more different LLMs, and companies worldwide are rapidly adopting them to streamline operations, create content, and assist employees. However, the new Business Digital Index analysis reveals that many AI tools used in the workplace may not be as secure as businesses assume, posing risks to sensitive corporate data and brand reputation.
Research by BDI Team

Using only publicly available information, the BDI researchers analyzed the security of 10 popular LLM providers, including OpenAI, Claude, Perplexity, DeepSeek, and others.

The Business Digital Index uses custom scans, IoT search engines, and IP and domain name reputation databases to assess companies based on online security protocols.

According to the analysis, 50% of the analyzed LLM providers achieved the highest A rating for cybersecurity. Meanwhile, two major players, OpenAI and 01.AI, received a D score, and Inflection AI scored an F. The average cybersecurity score across all analyzed providers stood at 88 out of 100.

Five out of ten providers experienced data breaches

Harmonic’s analysis shows that 45.4% of sensitive data prompts are sent using personal accounts, bypassing official company channels entirely. This makes it harder for businesses to control security across platforms and exposes corporate data, often without companies even realizing it. It raises serious concerns about how AI tools are chosen and integrated.

This growing trend means organizations are increasingly exposed. Without strong cybersecurity practices, every LLM tool integrated into workflows can become a new entry point for attackers.

Top 10 LLM providers

The Business Digital Index analysis shows that all LLM providers had SSL/TLS configuration vulnerabilities. If a company has issues with its SSL/TLS setup, it can expose sensitive data to interception, making its systems vulnerable to man-in-the-middle attacks and compromising user trust and data security.

According to the index analysis, five out of ten providers recorded data breaches. The analysis shows that OpenAI suffered the most breaches, with 1,140 incidents and a recent data leak just nine days before the analysis. Perplexity AI also experienced a breach 13 days earlier, with 190 corporate credentials compromised.

Credential leaks remain a pressing issue

Password reuse among employees further amplified risks, particularly at Perplexity AI, where, according to the index, 35% of employees reused breached passwords, and at EleutherAI, with 33%.

The report shows that system hosting vulnerabilities were another widespread weakness. Except for AI21 Labs and Anthropic, all other LLM providers faced notable hosting security issues. Perplexity AI and EleutherAI had nearly 40% of their systems cloud-hosted, making them more exposed to potential cyberattacks.

Regional comparison: U.S. vs China

The analysis also revealed clear regional differences. American AI providers had an average cybersecurity score of 87.5, outperforming Chinese companies, which averaged only 79.5. None of the Chinese providers rated above C, highlighting an important security gap.

The most striking example is the DeepSeek AI breach case, which showed how vulnerabilities in AI providers could open the door to broader corporate attacks. As adoption grows, threat actors shift their focus toward exploiting LLM-related weaknesses, from credential leaks to poor system hosting setups.

Meanwhile, the top three most secure LLM providers — AI21 Labs, Perplexity AI, and Anthropic — were based in the U.S. and Israel. However, Inflection AI, a U.S.-based firm, scored the lowest overall.

Research Methodology

BDI researchers analyzed 10 popular LLM providers. The report evaluates cybersecurity risk across seven key dimensions: software patching, web application security, email protection, system reputation, hosting infrastructure, SSL/TLS configuration, and data breach history. The report’s Methodology can be found here. It provides detailed information on how researchers conducted this analysis.

About Business Digital Index

Business Digital Index (BDI) is designed to evaluate the cybersecurity health of organizations worldwide. It aims to help businesses by providing a clear, transparent, and independent assessment of their cybersecurity management, contributing to a more resilient digital future.

By leveraging data from reputable sources, such as IoT search engines, IP and domain reputation databases, and custom security scans, the BDI comprehensively assesses a company’s cybersecurity strength.

The index evaluates risks across seven critical areas: software updates, web security, email protection, system reputation, SSL/TLS setup, system hosting, and data breach history.
