Hackers Are Poisoning Websites to Hijack AI Agents via Indirect Prompt Injection
The attack is elegant in a disturbing way. An adversary doesn’t need to breach your AI infrastructure, compromise your API keys, or exploit a software vulnerability. They just need to get your AI agent to read a web page they control — and then they’re driving. Indirect Prompt Injection (IDPI) is the attack technique where malicious instructions are embedded in content that an AI agent processes: web pages, documents, calendar entries, emails. When the agent reads that content, it encounters instructions that override or subvert its intended behavior. The content tells the agent what to do, and the agent, trained to follow instructions, complies. ...