Skills
Google Security Research: Prompt Injection Attacks on the Open Web Up 32% — First Large-Scale Scan of 2-3 Billion Pages Reveals Low Sophistication but Maturing Threat
Google scanned 2-3 billion crawled pages per month and observed a 32% relative increase in malicious prompt injection content between November 2025 and February 2026. Most attacks found were low-sophistication experiments by individual website authors — not advanced IPI strategies from published research — but the upward trend indicates the threat is maturing and will soon grow in both scale and complexity. The critical distinction: a browser AI that only summarizes is low-risk, but an agentic AI that can send emails, execute commands, or process payments becomes a high-impact target for these embedded instructions.
↳ Follow the thread