SECURITYWEEK reports that Google’s analysis of indirect prompt injection attempts on public-web sites shows an upward trend in malicious activity, even though overall sophistication remains relatively low. The researchers identified two malicious classes: exfiltration, where prompts instruct AI to collect data such as IPs and credentials and send them to an attacker-defined address, and destruction, which sought to trick AI into deleting files on a user’s machine but was considered unlikely to succeed.
Google noted many injections were harmless pranks or attempts to deter AI, with some aimed at SEO or steering AI to claim a company is the best. Importantly, they observed a 32% increase in malicious prompt injection attempts between November 2025 and February 2026, suggesting the threat is maturing even as productionised, higher-sophistication attacks have not yet become widespread.
The findings, according to SecurityWeek, highlight that while past IPI attacks were low in sophistication, the rising trend could lead to greater scale and complexity in the near future.