AI agents are moving from prototypes to production faster than security teams can adapt. Every week brings new incidents: agents leaking data, executing destructive commands, or being hijacked through prompt injection.
To help teams understand what’s breaking, why, and what they can learn from it, we’re launching Agents Gone Rogue.
The page is a living register of real-world AI agent failures, exploits, and defenses, consolidating publicly documented agent incidents from sources across the security, engineering, and research communities. Each entry logs the issue, impact, and resolution, giving teams a clear view into how agents fail in the wild.
The Three Patterns Behind Agentic Failures
The register is organized around the three ways agents break security:
Uncontrolled Agents.
Agents that act unpredictably and take unsafe actions on their own, such as deleting data, exposing sensitive information, or making system-wide changes at machine speed.
Tricked Agents (Prompt Injection).
Agents that attackers manipulate through poisoned content, malicious websites, or crafted prompts, turning the agent itself into a data exfiltration pipeline.
Weaponized Agents.
Agents built to attack, using methods such as backdoors, poisoned fine-tuning data, or compromised toolchains.
A Structured Resource for Security and Engineering Teams
Most organizations have seen these patterns emerging, but few have had a single place to track them. Agents Gone Rogue fills this gap. It is a structured, regularly updated reference that reveals how attackers think, where agent defenses are weak, and which design choices repeatedly widen the blast radius of an incident.
- Security leaders can use the register to understand the current threat landscape and educate internal stakeholders on the need for stronger guardrails.
- Engineering teams can study concrete failure modes and design architectures that prevent repeat scenarios.
- Product teams can identify where agent capabilities introduce operational and compliance risks long before they ship.
How to Contribute to the Register
While we’re doing the heavy lifting, the register is also a place for the community to contribute. If you’re aware of a public incident we haven’t captured, you can submit it directly through the page. We’ll review it and add it to the register so others can learn from it. The more complete this resource becomes, the faster the industry can converge on effective defenses.
A Foundation for Safer Agentic Systems
AI agents promise a lot, but they also introduce failure modes that traditional IAM, application security, and authorization were never built to control. Understanding those failure modes is the first step toward securing them. We want Agents Gone Rogue to provide that understanding and inform proactive design.
To explore the register or contribute an incident, visit the page. And if you want help running powerful agents safely in production, we’re here to talk.