Agents
Researchers Catalog 10 In-the-Wild Indirect Prompt-Injection Attacks Targeting AI Agents
Security researchers disclosed 10 indirect prompt-injection (IPI) payloads seen in the wild, engineered for financial fraud, data destruction, and API-key theft by poisoning web content that agents crawl, summarize, or index for RAG. Related 2026 research finds attack success rates exceeding 85% against state-of-the-art defenses when adaptive strategies are used, with Google reporting a 32% rise in injection payloads embedded in web content. 'Goal hijacking' — redirecting an autonomous agent's entire objective — is highlighted as the most dangerous higher-order variant for builders to defend against.
↳ Follow the thread