Attack Categories — Ranked by Callback
Which attack categories actually compromise AI agents? This page ranks the 14 tested categories by callback count from the live honeypot network. A callback means the agent followed an injected instruction and reported back to our telemetry endpoint — the strongest available signal that the agent is vulnerable.
Callback count by category
Higher bars = more agents fell for that category. Click any category to see the attack scenarios that produced the callbacks.
Injection classes observed in the wild
Independent signal from HoneyMap, our distributed surface scanner. These are real injection attempts discovered across 322 domains and 404 distinct surfaces.
Where injections actually hide
Surface types that carry real injections in the wild, ranked by count. Every one of these is fair game for an agent reading the page.
- script_literal: 145
- hidden_text: 122
- html_comment: 87
- alt_aria: 35
- meta_tag: 9
- data_attr: 6
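To see what these surfaces look like from the defender's side, the added example below (not HackMyAgent or HoneyMap code) inventories the text on each of the six surfaces in a page, so it can be reviewed or stripped before the page reaches an agent. The surface names are the page's; how each maps onto HTML, along with the names `SurfaceInventory`, `inventory` and `SAMPLE`, is an assumption of this example.

```python
import re
from html.parser import HTMLParser

# Surface names are the page's; how each maps onto HTML is this example's assumption.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "source", "track", "wbr"}
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
LITERAL = re.compile(r"""(["'`])((?:\\.|(?!\1).)*)\1""", re.S)  # heuristic, not a JS parser

class SurfaceInventory(HTMLParser):
    """Collect text a visitor never sees but an agent reading raw HTML does."""
    def __init__(self):
        super().__init__()
        self.found = []   # (surface, text) pairs in document order
        self.stack = []   # (tag, hidden?) for each open non-void element
    def add(self, surface, text):
        if text and text.strip():
            self.found.append((surface, text.strip()))
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "alt" or name.startswith("aria-"):
                self.add("alt_aria", value)
            elif name.startswith("data-"):
                self.add("data_attr", value)
            elif tag == "meta" and name == "content":
                self.add("meta_tag", value)
        if tag not in VOID:
            a = dict(attrs)
            self.stack.append((tag, "hidden" in a or bool(HIDDEN.search(a.get("style") or ""))))
    def handle_endtag(self, tag):
        opened = [t for t, _ in self.stack]
        if tag in opened:  # pop back to the matching open tag, ignoring stray end tags
            del self.stack[len(opened) - 1 - opened[::-1].index(tag):]
    def handle_comment(self, data):
        self.add("html_comment", data)
    def handle_data(self, data):
        if self.stack and self.stack[-1][0] == "script":
            for m in LITERAL.finditer(data):
                self.add("script_literal", m.group(2))
        elif any(hidden for _, hidden in self.stack):
            self.add("hidden_text", data)

def inventory(html):
    parser = SurfaceInventory()
    parser.feed(html)
    parser.close()
    return parser.found

# Constructed sample page; the marker strings stand in for injected text.
SAMPLE = ('<head><meta name="description" content="marker-meta"></head><!-- marker-comment -->'
          '<img src="a.png" alt="marker-alt"><div style="display:none">marker-hidden</div>'
          '<p data-note="marker-data">Visible text</p><script>var s = "marker-script";</script>')
```

Inline styles and the `hidden` attribute are the only hiding techniques checked here; text hidden through external stylesheets, off-screen positioning or matching foreground and background colours needs a rendering-aware check.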
How we count
A callback is registered when an agent follows an injected instruction and posts to /api/report with the attack ID. This is the strongest available signal of compromise: the agent didn't just read the payload, it acted on it.
Categories on this page are read from the live Registry. The ranking changes as new callbacks arrive. article-* entries are filtered out — they represent research-article pageviews, not attack callbacks.
Test your agent against all of them
HackMyAgent drives your agent through every category on this page and prints each finding with a verify command and a fix command. No accounts, no setup, takes a few minutes.
npx hackmyagent secure