Agents
Unit 42: Web-Based Indirect Prompt Injection Observed in the Wild — Adversaries Weaponize Routine Summarization Tasks for High-Impact Fraud
Palo Alto Networks Unit 42 published research documenting real-world indirect prompt injection attacks where adversaries embed hidden instructions in HTML, metadata, and user-generated content processed by AI agents during routine summarization or content analysis. The report documents observed fraud cases where agents were manipulated to execute unauthorized transactions, pivot to credential exfiltration, or delete data. Unit 42 frames the threat as 'an autonomous insider at their command' and identifies web search, browser integration, and content pipelines as the highest-risk entry points — establishing this as an active threat category, not theoretical.
↳ Follow the thread