Researchers have identified a new class of AI attack called agent data injection (ADI), where attackers manipulate the trusted data fields—such as sender names or button IDs—that AI agents rely on, causing them to misclick or execute malicious commands without altering the agent’s task instructions. This probabilistic delimiter injection exploits AI models' probabilistic parsing of punctuation to fake trusted data, bypassing typical prompt-injection defenses and affecting various AI tools including web agents and coding assistants. While some mitigations like randomizing element IDs can reduce the attack’s success, the vulnerability remains significant as AI agents continue to blend trusted and untrusted data without clear separation.
https://thehackernews.com/2026/07/new-agent-data-injection-attack-can.html

