{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,12]],"date-time":"2026-02-12T06:20:08Z","timestamp":1770877208712,"version":"3.50.1"},"reference-count":51,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2026,2,6]],"date-time":"2026-02-06T00:00:00Z","timestamp":1770336000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JCP"],"abstract":"<jats:p>Generative AI (GenAI) systems are increasingly deployed across high-impact sectors, introducing security risks that fundamentally differ from those of traditional software. Their probabilistic behavior, emergent failure modes, and expanded attack surface, particularly through retrieval and tool integration, complicate threat modeling and control assurance. This paper presents a threat-centric analysis that maps adversarial techniques to the core architectural layers of generative AI systems, including training pipelines, model behavior, retrieval mechanisms, orchestration, and runtime interaction. Using established taxonomies such as the OWASP LLM Top 10 and MITRE ATLAS alongside empirical research, we show that many GenAI security risks are structural rather than configurable, limiting the effectiveness of perimeter-based and policy-only controls. We additionally analyze the impact of regulatory divergence on GenAI security architecture and find that EU frameworks serve in practice as the highest common technical baseline for transatlantic deployments.<\/jats:p>","DOI":"10.3390\/jcp6010027","type":"journal-article","created":{"date-parts":[[2026,2,9]],"date-time":"2026-02-09T09:41:02Z","timestamp":1770630062000},"page":"27","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Securing Generative AI Systems: Threat-Centric Architectures and the Impact of Divergent EU\u2013US Governance Regimes"],"prefix":"10.3390","volume":"6","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2595-0689","authenticated-orcid":false,"given":"Vijay","family":"Kanabar","sequence":"first","affiliation":[{"name":"Metropolitan College, Boston University, Boston, MA 02215, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0222-7607","authenticated-orcid":false,"given":"Kalinka","family":"Kaloyanova","sequence":"additional","affiliation":[{"name":"Faculty of Mathematics and Informatics, Sofia University \u201cSt. Kliment Ohridski\u201d, 5 J. Bourchier Blvd., 1164 Sofia, Bulgaria"},{"name":"Institute of Mathematics and Informatics, Bulgarian Academy of Science, Acad. G. Bonchev Str., Bl. 8, 1113 Sofia, Bulgaria"}]}],"member":"1968","published-online":{"date-parts":[[2026,2,6]]},"reference":[{"key":"ref_1","unstructured":"National Institute of Standards (2023). Technology. Artificial Intelligence Risk Management Framework (AI RMF 1.0), National Institute of Standards and Technology (NIST), U.S. Department of Commerce."},{"key":"ref_2","unstructured":"(2024). Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile (Standard No. NIST AI 600-1)."},{"key":"ref_3","unstructured":"Foundation, O. (2023). OWASP Top 10 for Large Language Model Applications, Open Web Application Security Project (OWASP)."},{"key":"ref_4","unstructured":"Corporation, M. (2021). ATLAS: Adversarial Threat Landscape for Artificial-Intelligence Systems (Advmlthreatmatrix), MITRE Corporation."},{"key":"ref_5","unstructured":"European Parliament and the Council of the European Union (2024). Regulation (EU) 2024\/1689 of the European Parliament and of the Council of 13 June 2024 Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act), Publications Office of the European Union."},{"key":"ref_6","unstructured":"European Parliament and the Council of the European Union (2022). Directive (EU) 2022\/2555 of the European Parliament and of the Council of 14 December 2022 on Measures for a High Common Level of Cybersecurity Across the Union (NIS2 Directive), Publications Office of the European Union."},{"key":"ref_7","unstructured":"(2025, May 11). Federal vs. State AI Rules: What the New U.S. Executive Order Really Means. Available online: https:\/\/regulatingai.org\/."},{"key":"ref_8","unstructured":"Fredrikson, M., Jha, S., and Ristenpart, T. (, January 12\u201316). Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures. Proceedings of the ACM Conference on Computer and Communications Security (CCS), Denver, CO, USA."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Shokri, R., Stronati, M., Song, C., and Shmatikov, V. (2016). Membership Inference Attacks Against Machine Learning Models, IEEE.","DOI":"10.1109\/SP.2017.41"},{"key":"ref_10","unstructured":"Carlini, N., Tram\u00e8r, F., Wallace, E., Jagielski, M., Herbert-Voss, A., Lee, K., Roberts, A., Brown, T., Song, D., and Erlingsson, \u00da. (2021, January 10\u201313). Extracting Training Data from Large Language Models. Proceedings of the 30th USENIX Security Symposium (USENIX Security 21), Virtual."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"100211","DOI":"10.1016\/j.hcc.2024.100211","article-title":"A survey on large language model (llm) security and privacy: The good, the bad, and the ugly","volume":"4","author":"Yao","year":"2024","journal-title":"High Confid. Comput."},{"key":"ref_12","unstructured":"Yi, J., Xie, Y., Zhu, B., Kiciman, E., Sun, G., Xie, X., and Wu, F. (2023). Benchmarking and Defending Against Indirect Prompt Injection Attacks on Large Language Models, USENIX Association."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Zhan, Q., Liang, Z., Ying, Z., and Kang, D. (2024). InjecAgent: Benchmarking Indirect Prompt Injections in Tool-Integrated Large Language Model Agents. arXiv.","DOI":"10.18653\/v1\/2024.findings-acl.624"},{"key":"ref_14","unstructured":"Zhang, H., Huang, J., Mei, K., Yao, Y., Wang, Z., Zhan, C., Wang, H., and Zhang, Y. (2024). Agent Security Bench (ASB): Formalizing and Benchmarking Attacks and Defenses in LLM-based Agents. arXiv."},{"key":"ref_15","unstructured":"European Parliament and the Council of the European Union (2016). Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation), Publications Office of the European Union."},{"key":"ref_16","unstructured":"Haro, J. (2023). Secure APIs, O\u2019Reilly Media."},{"key":"ref_17","unstructured":"Santos, O., and Radanliev, P. (2024). AI-Powered Digital Cyber Resilience, O\u2019Reilly Media."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Sood, A. (2024). Combating Cyberattacks Targeting the AI Ecosystem, O\u2019Reilly Media.","DOI":"10.1515\/9781501520549"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Wendt, D.W. (2023). The Cybersecurity Trinity: Artificial Intelligence, Automation, and Active Cyber Defense, O\u2019Reilly Media.","DOI":"10.1007\/979-8-8688-0947-7"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Wendt, D.W. (2024). AI Strategy and Security: A Roadmap for Secure, Responsible, and Resilient AI Adoption, O\u2019Reilly Media.","DOI":"10.1007\/979-8-8688-1733-5"},{"key":"ref_21","unstructured":"(2023). Information Technology-Artificial Intelligence-Management System (Standard No. ISO 42001:2023)."},{"key":"ref_22","unstructured":"(2018). Risk Management\u2014Guidelines (Standard No. ISO 31000:2018)."},{"key":"ref_23","unstructured":"PMI (2024). Risk Management in Portfolios, Programs, and Projects, Project Management Institute."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Souppaya, M., Scarfone, K., and Dodson, D. (2022). Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities, National Institute of Standards and Technology.","DOI":"10.6028\/NIST.SP.800-218"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"100","DOI":"10.1109\/MC.2017.143","article-title":"Six Tech Trends Impacting Software Security","volume":"50","author":"McGraw","year":"2017","journal-title":"Computer"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"371","DOI":"10.1109\/TSE.2010.60","article-title":"An Attack Surface Metric","volume":"37","author":"Manadhata","year":"2011","journal-title":"IEEE Trans. Softw. Eng."},{"key":"ref_27","unstructured":"Bommasani, R., Hudson, D.A., Adeli, E., Altman, R., Arora, S., von Arx, S., Bernstein, M.S., Bohg, J., Bosselut, A., and Brunskill, E. (2021). On the Opportunities and Risks of Foundation Models. arXiv."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1145\/54289.871709","article-title":"The Confused Deputy: Or why capabilities might have been invented","volume":"22","author":"Hardy","year":"1988","journal-title":"Oper. Syst. Rev."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Reddy, P., and Gujral, A.S. (2025). EchoLeak: The First Real-World Zero-Click Prompt Injection Exploit in a Production LLM System. arXiv.","DOI":"10.1609\/aaaiss.v7i1.36899"},{"key":"ref_30","unstructured":"Hines, K., Lopez, G., Hall, M., Zarfati, F., Zunger, Y., and Kiciman, E. (2024). Defending Against Indirect Prompt Injection Attacks With Spotlighting, USENIX Association."},{"key":"ref_31","unstructured":"Liu, Y., Deng, G., Li, Y., Wang, K., Wang, Z., Wang, X., Zhang, T., Liu, Y., Wang, H., and Zheng, Y. (2023). Prompt Injection attack against LLM-integrated Applications. arXiv."},{"key":"ref_32","unstructured":"Sabin, S. (2025, May 11). 1 Big Thing: AI-Powered Malware Is on Its Way. Available online: https:\/\/www.axios.com\/newsletters\/axios-ai-plus-b19d2e6e-7ec2-4d99-9b36-3f95c7298354.html."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Tyagi, A.K., and Addula, S.R. (2024). Artificial Intelligence for Malware Analysis: A Systematic Study. Artificial Intelligence-Enabled Digital Twin for Smart Manufacturing, Wiley-Scrivener.","DOI":"10.1002\/9781394303601.ch17"},{"key":"ref_34","first-page":"82895","article-title":"Agentdojo: A dynamic environment to evaluate prompt injection attacks and defenses for llm agents","volume":"37","author":"Debenedetti","year":"2024","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"ref_35","unstructured":"Gu, T., Dolan-Gavitt, B., and Garg, S. (2017). BadNets: Identifying Vulnerabilities in the Machine Learning Model Supply Chain, Curran Associates, Inc."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s10994-021-06119-y","article-title":"Stronger data poisoning attacks break data sanitization defenses","volume":"111","author":"Koh","year":"2022","journal-title":"Mach. Learn."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Wang, B., Yao, Y., Shan, S., Li, H., Viswanath, B., Zheng, H., and Zhao, B.Y. (2019, January 20\u201322). Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks. Proceedings of the IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, USA.","DOI":"10.1109\/SP.2019.00031"},{"key":"ref_38","unstructured":"De Stefano, G., Sch\u00f6nherr, L., and Pellegrino, G. (2024). Rag and Roll: An End-to-End Evaluation of Indirect Prompt Manipulations in LLM-Based Application Frameworks. arXiv."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Srinivas, S., Kirk, B., Zendejas, J., Espino, M., Boskovich, M., Bari, A., Dajani, K., and Alzahrani, N. (2025). AI-Augmented SOC: A Survey of LLMs and Agents for Security Automation. J. Cybersecur. Priv., 5.","DOI":"10.3390\/jcp5040095"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Palma, G., Cecchi, G., Caronna, M., and Rizzo, A. (2025). Leveraging Large Language Models for Scalable and Explainable Cybersecurity Log Analysis. J. Cybersecur. Priv., 5.","DOI":"10.3390\/jcp5030055"},{"key":"ref_41","unstructured":"(2024). Artificial Intelligence Act. Standard No. EU 2024\/1689. Available online: https:\/\/artificialintelligenceact.eu\/the-act\/."},{"key":"ref_42","unstructured":"(2023). Artificial Intelligence Risk Management Framework (AI RMF 1.0) (Standard No. NIST AI RMF 1.0)."},{"key":"ref_43","unstructured":"World Trade Organization (1994). Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS Agreement), WTO."},{"key":"ref_44","unstructured":"(2016). General Data Protection Regulation. Standard No. EU 2016\/679. Available online: https:\/\/eur-lex.europa.eu\/legal-content\/EN\/ALL\/?uri=CELEX:32016R0679."},{"key":"ref_45","unstructured":"Santos, O. (2024). Developing Cybersecurity Programs and Policies in an AI-Driven World, O\u2019Reilly Media. [4th ed.]."},{"key":"ref_46","unstructured":"MITRE Corporation (2021). ATLAS: Adversarial Threat Landscape for Artificial-Intelligence Systems (ATLAS), MITRE Corporation."},{"key":"ref_47","unstructured":"OWASP Foundation (2023). OWASP Top 10 for Large Language Model Applications, Open Worldwide Application Security Project (OWASP)."},{"key":"ref_48","unstructured":"Florida Senate (2026). Artificial Intelligence Bill of Rights, Florida Senate SB 482."},{"key":"ref_49","unstructured":"AXIOS (2026, January 20). Tech Group Opposes Florida AI Proposal \u2018Artificial Intelligence Bill of Rights\u2019. Available online: https:\/\/www.axios.com\/newsletters\/axios-tampa-bay-ea380018-35af-498f-98fb-b231af7193d0.html."},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"Zhang, B., Chen, Y., Liu, Z., Nie, L., Li, T., Liu, Z., and Fang, M. (2026). Practical poisoning attacks against retrieval-augmented generation. arXiv.","DOI":"10.1145\/3696410.3714756"},{"key":"ref_51","unstructured":"Duan, M., Suri, A., Mireshghallah, N., Min, S., Shi, W., Zettlemoyer, L., Tsvetkov, Y., Choi, Y., Evans, D., and Hajishirzi, H. (2024). Do membership inference attacks work on large language models?. arXiv."}],"container-title":["Journal of Cybersecurity and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2624-800X\/6\/1\/27\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,12]],"date-time":"2026-02-12T05:32:04Z","timestamp":1770874324000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2624-800X\/6\/1\/27"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,6]]},"references-count":51,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,2]]}},"alternative-id":["jcp6010027"],"URL":"https:\/\/doi.org\/10.3390\/jcp6010027","relation":{},"ISSN":["2624-800X"],"issn-type":[{"value":"2624-800X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,6]]}}}