The Federal Service for Technical and Export Control (FSTEC) has for the first time included risks associated with artificial intelligence in its database of information security threats. This was reported on the regulator's website on December 23, 2025, in Moscow.
The list specifies AI technologies whose vulnerabilities can be exploited by attackers. These include machine learning models, training datasets, RAG (Retrieval Augmented Generation), and LoRA adapters (Low-Rank Adaptation).
In addition, possible attack vectors are described: exploitation of vulnerabilities in AI frameworks, modification of system prompts or agent configurations, as well as DoS attacks aimed at exhausting request quotas.
Now, organizations required by law to protect their information systems must use the FSTEC database to develop a threat model. Software developers for government agencies and critical infrastructure facilities are required to consider this data when creating and implementing solutions.
There are currently no statistics on the use of AI in cyberattacks in the Russian market. According to a SlashNext study, since March 2023, after the release of ChatGPT-4, the number of phishing emails worldwide has increased by 1265% due to the widespread use of large language models to generate such emails.
Read more on the topic:
- AI account hacks in Russia increased by 90% — users lose control over personal data
- Machine learning and AI help Kaspersky Lab detect about half a million new cyber threats every day
- Scientists from St. Petersburg Federal Research Center of the Russian Academy of Sciences have taught a neural network to find malicious programs that steal passwords
