List Security Events

GET /api/v1/mail/security/events

Overview

List security events detected by SpiderMail's protection systems. This includes prompt injection attempts in inbound emails and credential leak blocks in outbound emails.

SpiderMail continuously monitors email traffic for:

  • Prompt injection attacks - attempts to manipulate AI agents via email content
  • Credential leaks - API keys, passwords, or tokens in outbound emails
  • Obfuscation attempts - base64/unicode encoded malicious content
  • Data exfiltration requests - attempts to extract sensitive data

Query Parameters

limit (integer, default: 50)

Maximum number of events to return (max 100)

offset (integer, default: 0)

Offset for pagination

event_type (string)

Filter by event type: injection_detected, credential_blocked, obfuscation_detected, quarantined, released

direction (string)

Filter by direction: inbound or outbound

Request

curl "https://spideriq.ai/api/v1/mail/security/events?limit=20" \
-H "Authorization: Bearer <client_id>:<api_key>:<api_secret>"

Response

{
  "success": true,
  "events": [
    {
      "id": 1234,
      "message_id": 5678,
      "mailbox_id": 1,
      "event_type": "injection_detected",
      "direction": "inbound",
      "details": {
        "patterns": ["ignore previous instructions"],
        "flags": ["injection_attempt"]
      },
      "created_at": "2026-02-24T10:30:00"
    },
    {
      "id": 1235,
      "message_id": null,
      "mailbox_id": 1,
      "event_type": "credential_blocked",
      "direction": "outbound",
      "details": {
        "credential_types": ["openai_api_key"],
        "reason": "Credential leak detected: openai_api_key"
      },
      "created_at": "2026-02-24T11:15:00"
    }
  ],
  "total": 42
}

Event Types

Event Type            Direction  Description
injection_detected    inbound    Prompt injection pattern found in email
obfuscation_detected  inbound    Base64/unicode obfuscation detected
hidden_injection      inbound    Injection found inside decoded obfuscated content
exfiltration_attempt  inbound    Data exfiltration request detected
credential_blocked    outbound   Credential leak blocked before send
quarantined           inbound    Message auto-quarantined for review
released              inbound    Message released from quarantine by admin
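
A client-side sketch of paging through this endpoint with limit/offset until total is reached, then tallying events by direction and type for triage. This is an added example, not SpiderMail's own code: http_fetch, iter_events, summarize, fake_fetch and the SAMPLE rows are names and data constructed here, and only the URL, query parameters and response fields come from the documentation above.

```python
import json
import urllib.parse
import urllib.request
from collections import Counter

BASE_URL = "https://spideriq.ai/api/v1/mail/security/events"
MAX_LIMIT = 100  # documented maximum page size

def http_fetch(params, token):
    """One live request; token is '<client_id>:<api_key>:<api_secret>'."""
    url = BASE_URL + "?" + urllib.parse.urlencode(params)
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_events(fetch, limit=MAX_LIMIT, **filters):
    """Yield every matching event, paging with limit/offset until 'total' is reached."""
    limit, offset = max(1, min(limit, MAX_LIMIT)), 0
    while True:
        params = {"limit": limit, "offset": offset}
        params.update({k: v for k, v in filters.items() if v})  # event_type, direction
        page = fetch(params)
        if not page.get("success"):
            raise RuntimeError(f"security events request failed at offset {offset}")
        events = page.get("events", [])
        yield from events
        offset += len(events)
        # An empty page also ends the scan, so a shrinking 'total' cannot loop forever.
        if not events or offset >= page.get("total", 0):
            return

def summarize(events):
    """Count events per (direction, event_type); collect ids with no linked message."""
    counts, unlinked = Counter(), []
    for ev in events:
        counts[(ev["direction"], ev["event_type"])] += 1
        if ev.get("message_id") is None:  # as in the sample credential_blocked event
            unlinked.append(ev["id"])
    return counts, unlinked

# Constructed sample data and a stand-in fetcher so the example runs offline.
SAMPLE = [
    {"id": 1234, "message_id": 5678, "event_type": "injection_detected", "direction": "inbound"},
    {"id": 1235, "message_id": None, "event_type": "credential_blocked", "direction": "outbound"},
    {"id": 1236, "message_id": 5680, "event_type": "quarantined", "direction": "inbound"},
]
def fake_fetch(params):
    rows = [e for e in SAMPLE if params.get("direction") in (None, e["direction"])]
    start = params["offset"]
    return {"success": True, "total": len(rows), "events": rows[start:start + params["limit"]]}
```

Against the live API, pass `lambda p: http_fetch(p, token)` as the `fetch` argument in place of `fake_fetch`.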

Security Patterns Detected

Inbound (Prompt Injection)

SpiderMail detects these injection patterns:

  • Direct overrides: "ignore previous instructions", "disregard all prior"
  • Role manipulation: "you are now a", "pretend you are", "act as if"
  • System prompt hijacking: "new system prompt", "[SYSTEM]", "[ADMIN]"
  • Data extraction: "include your API key", "reveal your instructions"

Outbound (Credential Leaks)

SpiderMail blocks emails containing:

  • API keys: OpenAI (sk-), Stripe (sk_live_), AWS (AKIA), GitHub (ghp_), Slack (xox)
  • Private keys: RSA, SSH, PGP
  • Auth tokens: Bearer, Basic
  • Secrets: Password/secret assignments