Overview

The Q4 2025 Agent Security Trends Report breaks down how real-world attacks are already targeting early agentic AI systems. Based on a 30-day snapshot of production attack traffic observed by Lakera Guard, the report shows how attacker behavior is evolving as models gain capabilities like tool use, browsing, and structured context handling. Rather than speculative threats, this report focuses on what attackers are actually doing today: what they’re trying to steal, how they succeed, and which techniques show up again and again in practice.

The data reveals a clear shift toward more efficient and harder-to-detect attacks, especially indirect prompt injection delivered through external content that agents are designed to trust. Together, these trends highlight why securing agents requires going beyond output moderation and extending protections across the full agent workflow.

Highlights

Key signals from Q4 2025 attack data include:

• System Prompt Leakage dominates. Nearly 60% of observed attacks attempted to extract system instructions, making configuration targeting the primary attacker objective.‍
• Indirect attacks succeed faster. Indirect prompt injections required significantly fewer attempts than direct attacks, appearing across multiple attacker intents.‍
• New agent-specific attack surfaces. Tool use, external data ingestion, and script-shaped content introduced entirely new ways to manipulate agent behavior.‍
• Role play and obfuscation remain core techniques. Attackers consistently combined techniques like hypothetical scenarios, role play, and obfuscation to bypass safeguards.
  

Download the full report to explore the data, visuals, and deeper analysis behind these trends, and see what they mean for securing agentic systems heading into 2026.