he promise of AI-driven productivity comes with a catch: every implementation hands over the keys to your company's data and operations to new technology, unlocking a host of security risks.
To help enterprises better determine which models minimize or amplify those risks, Cisco on Monday released its LLM Security Leaderboard, a comprehensive ranking of the top models based on how they respond to adversarial attacks and the associated security risks.
"Data across numerous studies indicate that the adoption of AI into organizations is outpacing security readiness. Cisco’s own AI Readiness Index found 83% of organizations planned to deploy agentic AI, but only 29% felt ready to do so securely," Amy Chang, Head of AI Threat Intelligence & Security Research at Cisco, told The Deep View. "The LLM Security Leaderboard gives leaders and security teams across diverse adoption and maturity stages a concrete starting point to understand how generative AI can be susceptible to different threats."
The leaderboard results were calculated based on rigorous testing that measured single- and multi-turn attacks aimed at eliciting a harmful or malicious response from the model. Anyone can access the results for free, but here is a quick breakdown:
Anthropic: The company dominated the leaderboard, holding 8 out of the top 10 spots, with Claude Opus 4.5, taking first place, followed by Sonnet 4.5 and Haiku 4.5.OpenAI: GPT-5.2 and GPT 5 Nano managed to make it into the top 10, too, coming in 7th and 9th place, respectively.** Bottom of the leaderboard:**Mistral took the last two places with its Magistral Small 2509 and Ministral 3 14b Instruct models. The list of the bottom 10 (least secure models) also includes models from DeepSeek, Cohere, Qwen and xAI.
A key advantage of Cisco’s approach is its emphasis on limiting bias. The methodology was posted online to ensure that readers understood exactly how the conclusions were reached and could accurately compare models side by side. Cisco also reassures the public that no extra guardrails or safety measures were used to bolster any models’ performance.
"Many benchmarks focus predominantly on single-turn jailbreaks," said Chang. "Our leaderboard explicitly evaluates multiturn conversational attacks, which better reflect real-world adversarial behavior where attackers attempt to degrade model guardrails over longer conversations."
For a complete look at the leaderboard, the public is invited to visit the website, where the LLM Security Rankings, Cisco AI Security and Safety Framework, and Methodology are available.
Our Deeper View #
While other companies have previously offered similar rankings, the public nature of Cisco's LLM Security Leaderboard is key to holding AI companies accountable. Microsoft, for instance, provides security scores for models in its internal offerings, helping customers choose the right tool for specific use cases. But that visibility is limited to a subset of customers, reducing the pressure on the companies behind the models. Cisco's leaderboard is open to all, including the enterprise business leaders these AI labs most want to impress. That kind of public scrutiny is more than enough motivation for model makers to shape up.