Definition
Documented real-world attacks — as opposed to laboratory demonstrations — where adversaries successfully used prompt injection to compromise live enterprise AI systems, including RAG pipelines and multi-agent workflows. Three such breaches were disclosed in June 2026, confirming that what was previously treated as a theoretical vulnerability is now a routine exploitation method. In these attacks, malicious instructions hidden in data the AI processes caused it to leak confidential information, exfiltrate credentials, or take unauthorised actions.
Why it matters
The disclosure of confirmed production breaches means organisations can no longer treat prompt injection as a future concern — it is an active threat requiring immediate controls across every AI system that ingests external content.
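One control of the kind this entry calls for, as an added example that is not taken from any of the disclosed breaches or from a real product: a policy gate for an agent whose context includes retrieved, untrusted content. The authority for tool use comes from the user's request, fixed before any document is read, so instructions hidden in retrieved data cannot widen it. The tool names, the `<untrusted>` wrapper and the credential-hint list are assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

@dataclass(frozen=True)
class TaskPolicy:
    # Derived from the user's own request before any retrieved content is read;
    # nothing the model emits can widen it.
    allowed_tools: frozenset
    allowed_hosts: frozenset

@dataclass(frozen=True)
class ToolCall:
    name: str
    args: dict

EGRESS_TOOLS = {"http_post", "send_email"}          # assumed tool names
CREDENTIAL_HINTS = ("api_key", "password", "token", "secret")

def wrap_untrusted(doc_id, text):
    """Label retrieved text as data so the prompt assembler keeps it apart from instructions."""
    return f'<untrusted source="{doc_id}">\n{text}\n</untrusted>'

def _destination_host(call):
    dest = call.args.get("url") or call.args.get("to") or ""
    return (urlparse(dest).hostname or dest.rsplit("@", 1)[-1]).lower()

def check_call(call, policy):
    """Decide one model-proposed tool call. Returns (allowed, reason)."""
    if call.name not in policy.allowed_tools:
        return False, f"tool {call.name!r} is not in the task allowlist"
    if call.name in EGRESS_TOOLS:
        host = _destination_host(call)
        if host not in policy.allowed_hosts:
            return False, f"egress to {host!r} was not authorised by the user"
        body = str(call.args.get("body", "")).lower()
        if any(h in body for h in CREDENTIAL_HINTS):
            return False, "outbound payload contains credential-like fields"
    return True, "ok"

def gate(calls, policy):
    """Split proposed calls into those to execute and those to log as blocked."""
    allowed, blocked = [], []
    for c in calls:
        ok, reason = check_call(c, policy)
        (allowed if ok else blocked).append((c.name, reason))
    return allowed, blocked
```

Blocked calls are returned with their reason so they can be logged as detections rather than silently dropped.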