Artificial Intelligence (AI) > Are LLMs secure?
Are LLMs secure? AI security risks explained
AI assistants have become everyday tools for work, research, and communication. But the same systems that make them useful also make them a security liability. Here's what you should know about the security risks of LLMs and AI.

What is an LLM and how is it related to AI and security?
Artificial intelligence encompasses dozens of kinds of machine learning software, from facial recognition to bank fraud detection to board games. Large language models (LLMs) are one specific type of AI: They're the engine behind every major AI assistant you've heard of, including ChatGPT, Microsoft Copilot, Google Gemini, and Proton's own Lumo.
An LLM learns by processing enormous amounts of information — books, articles, documentation, code, and academic papers — and finding patterns in how language works. Over time, it gets better at predicting what should come next in any piece of writing, enabling it to hold entire conversations, summarize documents, or draft emails that sound like a real person wrote them.
Because LLMs process so much information, and because people increasingly share sensitive personal and professional details with them, LLM security is especially crucial to ensure confidential data isn't stolen or leaked.
Where does agentic AI fit in?
In the past, LLMs were limited to responses — you asked something, the AI answered. Agentic AI goes further. An AI agent still uses an LLM to reason and communicate, but it can also take actions: browsing the web, writing and running code, sending messages, connecting to external apps, and managing your files. Instead of answering a single question, it can work through a multi-step task with little human oversight.
That extra capability comes with increased risk. When an AI can act on things independently, the fallout from it being tricked or going wrong is much more serious. Agentic AI security is one of the fastest-growing concerns in the field precisely because these systems are increasingly built into workplace tools, often with more access than they really need.
LLM security and the potential dangers of AI
The security risks of AI and LLMs are so concerning because they're integrated with the basic architecture of how these tools are designed and deployed. When you ask an AI assistant a personal health question, share a business strategy, or talk through a legal situation, that information typically ends up on servers you don't control and can be subject to laws or standards of conduct you may not even be aware of. LLM security isn't something only IT teams need to think about; it's a practical issue for anyone who uses AI, whether it's for private or professional purposes.
Biggest LLM and AI security risks
LLMs are built into more tools every day — but they still come with several security risks
that aren't immediately obvious.
Most AI platforms hold onto your prompts, responses, and interaction data by default. That information can be read by company staff, fed into future model training, sold to third parties, or even handed over to authorities. Once your conversations land on someone else's servers, you have little say over how that data is stored, used, or shared.
Most AI products comprise components built by different organizations and companies, including base models, plugins, APIs, and data pipelines. If something within that supply chain is compromised, every user of that product is affected, often without any obvious indication that anything is wrong.
LLMs can surface data they were never meant to share. This could be information obtained from training data, other users' sessions, or your own earlier conversations that the AI still has access to. In business settings, where multiple people share the same AI tool and sensitive data flows through the same system, these leaks can cause serious damage.
Since agentic AIs have the ability to send emails, run code, or access your files, the stakes of them being manipulated go up considerably. An AI agent with too many permissions can take actions across multiple connected systems, often before anyone notices anything is wrong. The more you let an AI act on your behalf, the more important it is that its access is tightly controlled.
Prompt injection is one of the most widespread AI security risks. It works by hiding malicious instructions inside content fed to the AI, such as in a PDF or webpage, to manipulate AI agents that can act autonomously. Those instructions quietly override the AI agent's behavior, potentially causing it to leak confidential data, act against your interests, or produce deceptive outputs — all while everything seems normal on the surface.
How Lumo approaches AI security differently
Most AI assistants are designed to give the platform maximum insight into how you use them. Lumo is designed to do the opposite, giving you greater control and peace of mind over how your data is handled.
No logs, ever
Lumo's LLM server processes your message and discards it the moment a response is generated. There's no log of what you asked, what was answered, or when. No plaintext chats are retained on the server, meaning there's nothing to be breached, subpoenaed, or misused.
Your messages are encrypted before they leave your device
Lumo uses bidirectional asymmetric encryption — called User-to-Lumo (U2L) encryption — to protect your messages in transit. Your actual message is only ever readable by the LLM server itself, and only for as long as it takes to produce a response.
Conversation history is locked with zero-access encryption
After a response is generated, your conversation is stored using zero-access encryption — protected by a key that only you hold. Proton never has access to it. Even if Proton's servers were fully compromised, your conversation history would remain unreadable.
Open-source models and code let experts verify Lumo's security
Unlike closed-source AI tools like ChatGPT, Copilot, and Gemini, Lumo runs on open-source models and code, so anyone can inspect our architecture for vulnerabilities and verify that it does only exactly what we claim.
No ads or data sharing
Most AI assistants are built on business models that depend on collecting and retaining your data. Lumo is different. Proton's revenue comes from subscriptions, not data monetization, so there's no incentive to log your conversations, share them with third parties, or use them to serve you ads.
Hosted in Europe, not subject to US surveillance laws
AI tools built by US companies can be compelled to disclose your data under laws like the CLOUD Act. Lumo runs on Proton-controlled servers in Europe, under some of the world's strongest privacy protections. Your conversations are out of reach of foreign government access requests.
Join an encrypted ecosystem that keeps you secure everywhere
Lumo is part of a privacy-first ecosystem that protects your data with powerful encryption. Nobody can see your data except you and the people you choose to share it with — not even us.
Create a free Lumo account and you'll also unlock access to our VPN(new window), email, calendar, cloud storage, document editor, spreadsheet editor, password manager, video conferencing, and more.
What people say about Lumo
It’s the only place anyone will see your conversations.
Switch to a truly secure AI assistant
AI tools built by the biggest tech platforms are designed to be useful, but often at the cost of your security and privacy. Lumo gives you a capable, encrypted LLM and AI assistant without any of the security trade-offs.

Frequently asked questions about LLMs and AI security
- What are the biggest AI security risks for everyday users?
- Is Lumo safe for confidential or sensitive work?
- What are the main dangers of AI for businesses?
- What languages does Lumo support?

