Australian enterprises are deploying AI and LLM-powered applications across financial services, critical infrastructure, and government, sectors already subject to rigorous cybersecurity oversight under APRA CPS 234 and the SOCI Act. These deployments introduce attack surfaces that existing security testing frameworks were not designed to evaluate.
The AI-Specific Attack Surface
Traditional security testing covers the application layer: authentication, authorisation, input validation. AI applications add entirely new risk categories: prompt injection (manipulating model behaviour through crafted inputs), sensitive information disclosure (extracting system prompts or training data), excessive agency (AI tools executing unintended actions), and RAG pipeline vulnerabilities (attacks on the retrieval systems that feed context to the model).
The OWASP Top 10 for LLM Applications 2025
The 2025 edition provides the current framework, with two new categories since the 2023 original: System Prompt Leakage (exposure of internal instructions and credentials) and Vector and Embedding Weaknesses (attacks on RAG pipelines and vector databases). The full list, from Prompt Injection at number one through Unbounded Consumption at number ten, covers the risk categories that matter most for enterprise AI deployments.
Australian Regulatory Context
While Australia does not yet have AI-specific legislation equivalent to the EU AI Act, the existing regulatory frameworks create clear expectations. APRA CPS 234 requires information security testing proportionate to risk, and AI applications processing financial data represent a high-risk category. The SOCI Act's obligations for critical infrastructure operators apply to AI systems embedded in essential services. The Australian Government's AI Ethics Framework, while voluntary, signals the direction of governance expectations.
For APRA-regulated entities deploying AI, the question is not whether AI security testing is expected, but how to do it rigorously.
How Simuna Infosec Helps
Our AI/LLM VAPT service tests against the complete OWASP Top 10 for LLM Applications 2025 and extends beyond it with proprietary test cases. We test chatbots, copilots, AI agents, RAG systems, and embedded AI features, combining traditional application security with AI-specific attack techniques. For Australian enterprises, we provide the independent, expert testing that APRA's framework expects, adapted for the new category of AI risk.
*This article references the OWASP Top 10 for LLM Applications 2025 and publicly available Australian regulatory information as of mid-2026.*