Hackers Are Hiding Instructions Inside Websites to Hijack AI Agents — Indirect Prompt Injection in the Wild
Researchers at Palo Alto Networks’ Unit 42 have published documentation of real-world indirect prompt injection attacks — and this is one of those security stories that deserves more attention from the AI builder community than it’s currently getting. The attack is conceptually simple and practically dangerous: a malicious actor embeds hidden instructions in a website’s content. When an AI agent browses that page as part of an automated task, it reads the hidden instructions and executes them — without the user ever seeing what happened. ...