OrcaRouter Releases AI Threat Report 2026, Makes Security Controls Free Amid Prompt-Injection Surge

OrcaRouter, the OpenAI-compatible LLM gateway, has released the AI Threat Report 2026 and made two of its security controls—the agent Firewall and input/output Guardrails—available at no cost to all users. According to the company, these controls can be attached to an existing API key without requiring a separate integration or purchase.

Key Findings from the AI Threat Report 2026

The report identifies 14 key risks across four threat categories: content plane, action plane, economic, and trust & supply chain. Prompt injection ranks as the top risk to LLM applications, and the company states it cannot be fully patched. Telemetry from production LLM applications shows the average successful attack completes in 42 seconds, with 90% of attacks leaking sensitive data, according to Pillar Security. Prompt-injection attacks rose 340% year over year, per OWASP Q1 2026 data. Additionally, 13% of organizations have already been breached through an AI model or application, and 97% of those lacked basic AI access controls, according to IBM 2025 data.

Rising Incidents and Attack Patterns

The report highlights the EchoLeak attack (CVE-2025-32711), in which attackers exfiltrated corporate data from Microsoft 365 Copilot without any user interaction: no link clicked, no attachment opened. The attack gathered sensitive context from mail, files, and chat history and smuggled it out through an auto-loading image URL. Other incidents include the exposure of 300 million private chat messages from over 25 million users via a Firebase misconfiguration (404 Media, Malwarebytes, Jan 2026), and Sears Home Services exposing 3.7 million AI chat transcripts and call recordings (ExpressVPN, Cybernews, Mar 2026). In another case, an attacker used a single CVE (CVE-2026-39987) as the entry point to a live LLM agent, which then extracted cloud credentials and exfiltrated an entire internal PostgreSQL database in under two minutes (Sysdig, The Hacker News, May 2026).


Why Traditional Security Falls Short

Traditional security assumes a boundary between trusted inside and untrusted outside, but language models dissolve that boundary because a model's input is also its programming. Prompt injection holds the #1 position in the OWASP Top 10 for LLM Applications and is a structural property of the medium, not a bug that can be patched. The report concludes that AI security is an architecture problem, not a model-training problem.

Gateway-Level Approach: Two Planes, Six Layers

OrcaRouter's design places six independent, auditable layers between a request and its execution: scoped identity, input guardrails, action firewall, output guardrails, anomaly detection, and signed audit. The action firewall judges every tool call, MCP dispatch, and network egress against ordered, default-deny policy with six verdicts: allow, audit, deny, sanitize, pending-approval, and cap-cost.

Evaluation and Compliance

The Guardrails and Firewall ship with an evaluation harness scoring them against over 80 open-source red-team corpora, including HarmBench, JailbreakBench, AdvBench, NVIDIA's garak, AgentDojo, and TruthfulQA. OrcaRouter also integrates open tooling like OSV for dependency CVEs and Semgrep for code that transits a prompt. The company ships 36 compliance framework packs, including OWASP LLM Top 10, NIST AI RMF, ISO/IEC 42001, EU AI Act, SOC 2, HIPAA, PCI DSS, and GDPR.

Free Release and Staged Rollout

OrcaRouter made the controls free deliberately, citing that restricting AI use without an approved alternative tends to increase shadow AI, which already drives one in five breaches at a $670,000 premium (IBM, 2025). The company recommends a staged rollout: observe (audit mode), shadow (would-block mode), then enforce. According to the company, most teams move through these stages to full enforcement within weeks.
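To make the ordered, default-deny policy with six verdicts and the observe/shadow/enforce rollout stages concrete, here is an added illustration written for this article; it is not OrcaRouter's firewall or its policy language. The rule fields, glob matching, the choice of which verdicts stop a call, and the cost-cap semantics are assumptions; only the verdict names and stage names come from the report.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

# The six verdicts named in the report; rule syntax and stage semantics are my assumptions.
VERDICTS = ("allow", "audit", "deny", "sanitize", "pending-approval", "cap-cost")
STOPS_ACTION = {"deny", "pending-approval", "cap-cost"}  # verdicts that halt the call when enforced

@dataclass(frozen=True)
class Rule:
    kind: str               # "tool", "mcp" or "egress" (glob allowed)
    target: str             # tool name, MCP server or egress host (glob allowed)
    verdict: str
    limit_usd: float = 0.0  # only meaningful for cap-cost
    def __post_init__(self):
        if self.verdict not in VERDICTS:
            raise ValueError(f"unknown verdict {self.verdict!r}")

@dataclass
class Decision:
    verdict: str          # what the ordered policy decided
    enforced: bool        # True only when the call is actually stopped for this request
    rule: "Rule | None"   # None means nothing matched and default-deny applied
    audit: dict           # record for the audit layer; would_block is the shadow-stage signal

def evaluate(policy, kind, target, mode="enforce", est_cost_usd=0.0):
    """First matching rule wins; a request no rule matches is denied (default-deny)."""
    verdict, hit = "deny", None
    for rule in policy:
        if fnmatchcase(kind, rule.kind) and fnmatchcase(target, rule.target):
            verdict, hit = rule.verdict, rule
            break
    if verdict == "cap-cost" and est_cost_usd <= hit.limit_usd:
        verdict = "allow"  # projected spend is within the cap, so the call proceeds
    would_block = verdict in STOPS_ACTION
    # Rollout stages from the report: observe and shadow only record, enforce actually blocks.
    enforced = would_block and mode == "enforce"
    audit = {"kind": kind, "target": target, "verdict": verdict, "mode": mode,
             "would_block": would_block, "enforced": enforced}
    return Decision(verdict, enforced, hit, audit)

# Constructed sample policy for one agent; order matters, so the catch-all audit rule goes last.
POLICY = [
    Rule("tool", "read_calendar", "allow"),
    Rule("tool", "send_email", "pending-approval"),  # a human approves before data leaves
    Rule("tool", "run_shell", "deny"),
    Rule("tool", "web_fetch", "sanitize"),           # scrub fetched content before the model sees it
    Rule("mcp", "db-*", "cap-cost", limit_usd=1.0),  # per-call spend cap on database MCP servers
    Rule("egress", "*.internal.example", "allow"),
    Rule("tool", "*", "audit"),                      # unknown tools still run but are recorded
]
```

Running the same request through `mode="shadow"` and `mode="enforce"` shows the conversion path the company describes: the audit record's `would_block` flag is identical in both stages, but only the enforce stage sets `enforced`.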

The Firewall and Guardrails are available now to all OrcaRouter users. The AI Threat Report 2026 is published on the OrcaRouter documentation site.
