What happened
Adversa AI published the AI Risk Quadrant (AIRQ) Q2 2026 report on June 3–4, assessing 100 commercial and publicly available production AI agents across attack surface, blast radius, and defence controls. The Cloud Security Alliance published a research note amplifying the findings on June 6. The report identified that 98% of evaluated agents simultaneously possess private/sensitive data access, exposure to untrusted external content, and the ability to execute outbound actions — the 'Lethal Trifecta' enabling indirect prompt injection. Only 11% of agents scored as adequately defended; coding agents ranked second in capability but eighth in defence, creating supply-chain-level risk.
Why it matters
The finding that 98% of production agents carry all three trifecta conditions is not a theoretical warning but an empirical baseline drawn from 100 real deployments. An adversary who can place a single hostile document, email, or API response into an agent's context can, in 89% of cases, hijack privileged action capabilities without any additional foothold — making indirect prompt injection the production attack of record for enterprise AI.
Action needed
Run a trifecta audit across deployed agents: enumerate which agents hold (a) access to sensitive/private data, (b) exposure to untrusted third-party content, and (c) outbound action capabilities, and prioritise immediate control additions (tool allowlists, per-action approval gates, egress filtering) for every agent where all three are simultaneously present.