A recent report by Zscaler's ThreatLabz reveals a new cyberattack method called indirect prompt injection aimed at AI agents. This technique involves embedding hidden instructions within websites to manipulate AI behaviors. Two notable campaigns were documented: one masquerading as software documentation to facilitate a payment scam, and another typosquatting a popular cryptocurrency service to falsely establish its authority.
Attackers employed SEO tactics to ensure high visibility of their sites and used methods like CSS to hide malicious instructions. Testing on 26 large language models demonstrated that susceptibility varied, with some models being manipulated into executing fraudulent payments. The findings highlight the growing risk as AI becomes more prevalent in web interactions.