
90 AI Agent Security Incidents, All Sourced: A Running Log of What's Going Wrong


90 incidents. That's the count in a publicly available security tracker covering AI agent breaches, vulnerabilities, and attacks from 2024 through early 2026. Every entry is sourced, organized by year, and includes the date, affected company, impact, root cause, CVE identifiers (the official numbering system security researchers use to track specific vulnerabilities) where applicable, and links to primary sources. The tracker is updated weekly.

The scope is broader than most people working with AI tools probably assume. Supply chain attacks compromised widely used AI infrastructure libraries including LiteLLM (a popular tool for routing requests across multiple AI models), Trivy, and Axios. Framework vulnerabilities hit LangChain, Langflow, and OpenClaw - the systems developers use to build AI agents that can browse the web, execute code, and interact with external services. Enterprise incidents reached companies including Meta.

Where the Incidents Are Actually Concentrating

The breakdown by category is what makes this tracker useful rather than just alarming. Supply chain attacks, framework vulnerabilities, and enterprise breaches represent different threat vectors that require different defenses. A compromised package in your AI development stack is a different problem than a prompt injection attack - where malicious text in a document or webpage tricks an AI agent into executing unintended commands - on a customer-facing chatbot.

For anyone building production AI agents - tools that take actions autonomously, access external systems, or handle user data - the 90-incident count is a reality check. These aren't edge cases. They're happening regularly, at companies of all sizes, across the most commonly used AI frameworks.

The Security Review Most Teams Skip

Most AI security discussions stay focused on the model layer: jailbreaks, harmful outputs, hallucinations. This tracker redirects attention to the infrastructure underneath - the libraries, frameworks, and integrations that connect AI models to real systems. That's where most of the documented incidents originate.

If your team is deploying AI agents and your security review consists of checking the model's content filters, this tracker is a practical argument for expanding scope. What packages are you pulling in? Have any had recent security issues? What permissions do your agents hold when operating on your systems or your customers' data?
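As an added illustration (not code from the article or from the tracker it describes), the script below answers the first two questions above in code: it parses a pinned requirements file, cross-references it against tracker-style incident records carrying the same fields the article lists (date, affected package, category, impact, root cause, CVEs, sources), and summarises the log by category and year. Every package name, date, CVE placeholder and URL in it is constructed for the demonstration.

```python
# Added example: dependency inventory vs. an incident log shaped like the tracker.
from dataclasses import dataclass, field
from collections import Counter
import re

@dataclass
class Incident:
    date: str          # ISO date; the year is derived from it
    package: str       # affected library or framework, matched case-insensitively
    category: str      # "supply chain", "framework" or "enterprise"
    impact: str
    root_cause: str
    cves: list = field(default_factory=list)     # "CVE-..." ids where applicable
    sources: list = field(default_factory=list)  # links to primary sources

# Constructed, hypothetical entries: names, dates, CVE placeholders and URLs are invented.
TRACKER = [
    Incident("2025-03-04", "agent-router", "supply chain",
             "malicious release pushed to the package index",
             "maintainer credential compromise", ["CVE-PLACEHOLDER-1"], ["https://example.invalid/1"]),
    Incident("2025-11-19", "flowbuilder", "framework",
             "unauthenticated code execution in the agent builder",
             "missing auth on an internal endpoint", ["CVE-PLACEHOLDER-2"], ["https://example.invalid/2"]),
    Incident("2026-01-08", "agent-router", "supply chain",
             "dependency confusion via a transitive package",
             "unscoped internal package name", [], ["https://example.invalid/3"]),
]

REQ_LINE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*(==\s*([^\s#]+))?")

def parse_requirements(text):
    """Return {normalised_name: pinned_version_or_None} from requirements.txt-style text."""
    pins = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = REQ_LINE.match(line)
        if m:
            pins[m.group(1).lower().replace("_", "-")] = m.group(3)
    return pins

def incidents_for(pins, tracker=TRACKER):
    """Map each pinned package to every incident naming it; version triage stays manual."""
    hits = {}
    for inc in tracker:
        if inc.package.lower() in pins:
            hits.setdefault(inc.package.lower(), []).append(inc)
    return hits

def breakdown(tracker=TRACKER):
    """Counts by category and by year: the two views the tracker organises around."""
    return dict(Counter(i.category for i in tracker)), dict(Counter(i.date[:4] for i in tracker))

if __name__ == "__main__":
    reqs = "agent-router==1.4.2\nrequests==2.32.3\n# flowbuilder is not installed\n"  # constructed
    for pkg, incs in incidents_for(parse_requirements(reqs)).items():
        for i in incs:
            print(f"{pkg}: {i.date} [{i.category}] {i.impact} (cves: {i.cves or 'none'})")
    print(breakdown())
```

A name match is only a prompt to read the linked source and compare affected versions against the pin; it is not itself a finding.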

The tracker doesn't prescribe solutions. What it does offer is a clear, sourced picture of where risk is actually concentrating in production AI systems - which is more than most teams currently have.