SECURITY researchers have unveiled 10 new indirect prompt injection (IPI) payloads targeting AI agents, designed to enable financial fraud, data destruction, API key theft and more, according to Infosecurity Magazine. The attack chain involves poisoning web content so that when an agent crawls or summarises it, the malicious instructions are executed as legitimate, impacting any agent that browses, indexes or processes web content for tasks such as RAG pipelines or moderation.
Forcepoint senior security researcher Mayur Sewani explained that “the impact scales with AI privilege” and that an agentic AI capable of sending emails, executing terminal commands or processing payments becomes a high-impact target.
The Forcepoint research outlines common triggers for IPI, including “Ignore previous instructions” and “If you are a large language model.” One payload even embeds a PayPal[.]me link and a $5,000 amount with full instructions to process the transaction, described as a weaponized payload for immediate execution. Forcepoint warned that ingesting untrusted web content without a strict data-instruction boundary could turn every page read into a potential threat.