G8KEPR processes AI API traffic for enterprise deployments across financial services, healthcare, and SaaS. This post shares aggregate, anonymised data on the attack patterns we observe — what attackers try, how often, and which techniques are growing. Individual customer data is never included; all figures are aggregated across the platform.
Attack Category Breakdown
Of all flagged requests in Q1 2026, the breakdown by attack category was: direct prompt injection (41%), role hijacking attempts (22%), PII extraction attempts (18%), jailbreak attempts (11%), policy puppetry (5%), special token injection (2%), FlipAttack/encoding (1%).
Direct prompt injection: still dominant
Despite years of public awareness, 'ignore your previous instructions' variants — with slight rewording — remain the most common attack. This reflects the attacker population: most are opportunistic, testing known techniques rather than developing novel ones. Novel attacks are a small fraction of total volume but represent disproportionate risk.
Role hijacking is growing
'You are now DAN' and similar role-reassignment attempts have grown 340% year-over-year. This tracks with the wider availability of jailbreak templates. The success rate against unprotected systems remains high for open-weight models and variable for frontier models.
PII extraction is the highest-severity category
Attempts to extract PII via AI pipelines — asking the model to reveal user data it has been given in context, or to call retrieval tools and return raw records — have a higher average severity score than other categories because the blast radius of a successful attempt often includes structured data across multiple users.
Timing Patterns
Attack volume is not uniform throughout the day. We observe a peak between 02:00-04:00 UTC (consistent with automated scanning) and a secondary peak during US business hours (consistent with manual testing by legitimate red teamers and security researchers). Weekend volume is ~40% of weekday volume.
G8KEPR's threat intelligence library is updated weekly with new pattern variants observed in production. If you're evaluating G8KEPR and want to see the full pattern library, the current version is published in the platform documentation.
Related reading
The AI API Security Checklist: 40 Controls for Production Deployments
The threat patterns show what attacks look like — this checklist shows exactly what defenses to build against them.
Related reading
G8KEPR Red Team Run 4: What We Found and What We Fixed
See how these threat patterns translate into a real penetration test against our own infrastructure.
Deploy the 1,500+ pattern library on your APIs
G8KEPR's threat intelligence ships as part of every subscription — automatically updated as new attack variants emerge in production.
Start free trial