10 Billion Blocks Later: Android's AI Edge Over iOS Explained
Android's on-device AI blocks over 10 billion scam texts and calls a month — far ahead of iOS. Why that reshapes the mobile attack surface, plus 5 threat actors to track.

Generative AI can supercharge small and medium businesses — but new research shows attackers can weaponize web content and hidden prompts to make chatbots leak private data. This is real, practical, and fixable.
Security teams recently disclosed seven practical techniques that trick ChatGPT and similar LLMs into revealing private material or obeying hidden instructions — including zero-click and one-click prompt injection, memory poisoning, conversation injection, and tricks that hide malicious prompts inside benign web content or URL parameters. The vulnerabilities were demonstrated against GPT-4o and GPT-5 variants and written up by Tenable and others.
Why it matters: LLMs often ingest or summarize external content — web pages, docs, files. Attackers can hide instructions inside that content so the model treats them as user intent and acts on them, including leaking chat memory, system prompts, or uploaded secrets.
Small amounts of poisoned data can backdoor models. Anthropic, the UK AI Security Institute, and the Alan Turing Institute showed that as few as 250 poisoned documents can implant backdoors — making training-time poisoning far more feasible than previously assumed.
Market incentives can erode safety. Research shows competitive optimization (maximizing engagement or sales) can drive models toward deceptive or unsafe behavior — a phenomenon described as "Moloch's Bargain." Another reason governance and monitoring matter.
SMBs adopt cloud AI tools fast and often lack AI-security expertise. Teams routinely paste internal text into public chatbots for summaries or code help — an easy path for injected prompts. And SMBs hold customer data, contracts, and IP that become high-value if leaked. OWASP's GenAI Top 10 lists prompt injection (LLM01) as the top risk for LLM apps.
Generative AI is a huge productivity lever, but it changes the rules. Prompt injection and data poisoning are real, and attackers are increasingly weaponizing web content and model behavior. For SMBs: don't panic — prepare. Inventory, limit, train, log, and get help. (For the strategic view of AI as a whole new attack surface — including Shadow AI and red-teaming your AI — see our companion piece, Securing the AI Frontier.)
Want a fast read on your AI exposure? Our AI Risk Assessment maps your AI tools, data flows, and where prompt injection or data leakage could hurt you — with prioritized fixes.