AI security incidents are still rare, but their severity is climbing. We analyzed 47 production incidents from January 2025 to April 2026.
Methodology
The 47 incidents were anonymized and collected from public disclosures, partner reports, and our own engagements. Each was categorized by attack vector, root cause, blast radius, and recovery time.
Incident categories
- Prompt injection (34% of incidents)
- Data exfiltration via tool use (23%)
- Unauthorized agent action (19%)
- Hallucinated business action (15%)
- Secret leakage via logs (9%)
Top root causes
- No input validation between user message and agent prompt
- Over-broad tool permissions ("agent can do anything the user can")
- No validation of model output (tool name and arguments) before tool execution
- System prompts treated as a security boundary (they are not: a prompt rule is an instruction to the model, not an enforced check)
- Verbose logging of full conversation history without redaction
Blast radius
- Median: 1 affected customer / 1 system
- Top decile: 1,000+ affected customers / multiple systems
- Worst: $14M settlement (financial services, hallucinated transaction approvals)
Controls that would have prevented each incident
- Input validation + length limits + content filtering
- Least-privilege tool design (separate read vs write permissions)
- Output validation against schemas before tool execution
- Real authentication and authorization checks enforced in code, instead of system-prompt rules
- PII redaction in logs and conversation history
- Human approval for high-blast-radius actions (financial transactions, data deletion, customer comms)
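As an added example (written for this page, not code from the report or from any vendor), here is a tool-execution gate in Python that implements the controls listed above and closes the root causes listed earlier: per-tool schema validation of the model's output before anything executes, separate read and write scopes checked in code rather than by a system-prompt rule, a mandatory human-approval step for high-blast-radius tools, a length limit on the raw model output, and redaction of emails and account-style numbers before the decision is logged. The tool registry, scopes, sample tool calls and redaction patterns are all constructed for the example.

```python
import json
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ToolSpec:
    name: str
    writes: bool              # read vs write is a separate permission, per tool
    requires_approval: bool   # human in the loop for high-blast-radius actions
    schema: dict              # arg name -> (expected type, max string length or None)


# Constructed tool registry for this example (not a real product's tools).
TOOLS = {
    "lookup_order": ToolSpec("lookup_order", False, False, {"order_id": (str, 32)}),
    "refund_order": ToolSpec("refund_order", True, True,
                             {"order_id": (str, 32), "amount_cents": (int, None)}),
    "send_customer_email": ToolSpec("send_customer_email", True, True,
                                    {"customer_id": (str, 32), "body": (str, 2000)}),
}

MAX_CALL_BYTES = 4096  # length limit on the raw model output before it is parsed

# Redaction patterns (assumed for the example): emails and long digit runs
# such as card or account numbers.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
LONG_DIGITS_RE = re.compile(r"\b\d{9,}\b")


def validate_args(spec: ToolSpec, args: dict) -> list:
    """Schema check on the model's proposed arguments, run before any tool executes.
    Returns the list of violations; an empty list means the call conforms."""
    problems = [f"unexpected argument {k!r}" for k in args if k not in spec.schema]
    for key, (typ, max_len) in spec.schema.items():
        if key not in args:
            problems.append(f"missing argument {key!r}")
            continue
        val = args[key]
        # bool is a subclass of int in Python, so reject it explicitly for int fields
        if not isinstance(val, typ) or (typ is int and isinstance(val, bool)):
            problems.append(f"argument {key!r} must be {typ.__name__}")
        elif max_len is not None and len(val) > max_len:
            problems.append(f"argument {key!r} exceeds {max_len} characters")
    return problems


def gate_tool_call(raw: str, scopes: frozenset, approved: bool = False) -> dict:
    """Decide whether a model-proposed tool call may run.

    raw:      the model's output, expected as JSON '{"tool": ..., "args": {...}}'
    scopes:   scopes granted to the caller ("read", "write"); the agent never
              gets more than these, whatever the system prompt says
    approved: True only once a human has approved this exact call
    Returns {"status": "execute" | "needs_approval" | "rejected", ...}.
    """
    if len(raw.encode("utf-8")) > MAX_CALL_BYTES:
        return {"status": "rejected", "reason": "tool call exceeds size limit"}
    try:
        call = json.loads(raw)
        name, args = call["tool"], call["args"]
        if not isinstance(name, str) or not isinstance(args, dict):
            raise ValueError("bad shape")
    except (ValueError, KeyError, TypeError):
        return {"status": "rejected", "reason": "malformed tool call"}
    spec = TOOLS.get(name)
    if spec is None:
        return {"status": "rejected", "reason": f"unknown tool {name!r}"}
    # Authorization is enforced here, in code, not by a "you may only..." prompt rule.
    needed = "write" if spec.writes else "read"
    if needed not in scopes:
        return {"status": "rejected", "reason": f"caller lacks {needed!r} scope"}
    problems = validate_args(spec, args)
    if problems:
        return {"status": "rejected", "reason": "; ".join(problems)}
    if spec.requires_approval and not approved:
        return {"status": "needs_approval", "tool": name, "args": args}
    return {"status": "execute", "tool": name, "args": args}


def redact(text: str) -> str:
    """Mask emails and long digit runs before text reaches a log line."""
    return LONG_DIGITS_RE.sub("[number]", EMAIL_RE.sub("[email]", text))


def audit_line(decision: dict) -> str:
    """What gets logged: the gate decision with redacted arguments, not the
    full conversation history."""
    return redact(json.dumps(decision, sort_keys=True))


# Constructed sample: model output produced under a prompt injection that asks
# for a refund while the real caller only holds the read scope.
INJECTED_CALL = json.dumps({"tool": "refund_order",
                            "args": {"order_id": "A-1001", "amount_cents": 99900}})

if __name__ == "__main__":
    read_only, read_write = frozenset({"read"}), frozenset({"read", "write"})
    print(gate_tool_call(INJECTED_CALL, read_only))          # rejected: no write scope
    print(gate_tool_call(INJECTED_CALL, read_write))         # needs_approval
    print(gate_tool_call(INJECTED_CALL, read_write, True))   # execute
    email = json.dumps({"tool": "send_customer_email",
                        "args": {"customer_id": "C-7",
                                 "body": "Card 4111111111111111, bob@example.com"}})
    print(audit_line(gate_tool_call(email, read_write)))     # PII masked in the log
```

The gate sits between the model and the tool runtime: the model's JSON is untrusted input, so the same call is rejected on a size limit, a parse failure, an unknown tool, a missing scope or a schema violation, and a write tool marked `requires_approval` only reaches `execute` once a human has approved that exact call. Logging goes through `audit_line`, so the record that survives in logs is the redacted decision rather than the raw conversation.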
Want a security review of your AI deployments? Book a call.
Cite as: Creative Genius (2026). AI Security Incident Report 2026. Retrieved from creativegenius.ai/research/ai-security-incident-report-2026