The scary 2026 stat isn't the 340% surge in prompt injection or the 88% of orgs

reporting agent incidents (OWASP-linked, Beam AI). It's this: the leak

is often not in the answer your logs capture — it's in the model's reasoning, which

most people never scan. A 2026 benchmark found data escaping through reasoning/logs

while the visible output stayed clean in most scenarios (AgentLeak).