Malaysian enterprises are embedding AI and LLM features into customer-facing and internal applications. For BNM-regulated financial institutions, these deployments introduce a new risk category that RMiT's independent testing requirement covers.
AI Applications as a New Risk Category
BNM RMiT requires annual penetration testing by independent qualified assessors, with testing triggered by significant system changes. Deploying AI features โ chatbots processing customer queries, AI-assisted fraud detection, LLM-powered document analysis โ represents a significant system change that warrants specific security assessment.
The OWASP Top 10 for LLM Applications 2025 provides the testing framework, covering ten categories of AI-specific risk from Prompt Injection through Unbounded Consumption, including two new categories: System Prompt Leakage and Vector and Embedding Weaknesses.
What Makes AI Testing Different
Traditional penetration testing evaluates deterministic systems. AI applications are probabilistic and introduce risks that conventional testing cannot evaluate: prompt injection (manipulating model behaviour), data leakage (extracting sensitive information from model responses), excessive agency (AI tools performing unintended actions), and RAG pipeline attacks (poisoning the knowledge retrieval system).
How Simuna Infosec Helps
As an independent, qualified security specialist, we test AI applications against the full OWASP Top 10 for LLM Applications 2025. We currently secure infrastructure for a leading telecom operator in Malaysia and bring enterprise-grade AI security testing to the Malaysian market.
*This article references the OWASP Top 10 for LLM Applications 2025.*