New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands

Researchers have identified a new class of AI attack called agent data injection (ADI), where attackers manipulate the trusted data fields—such as sender names or button IDs—that AI agents rely on, causing them to misclick or execute malicious commands without altering the agent’s task instructions. This probabilistic delimiter injection exploits AI models' probabilistic parsing of punctuation to fake trusted data, bypassing typical prompt-injection defenses and affecting various AI tools including web agents and coding assistants. While some mitigations like randomizing element IDs can reduce the attack’s success, the vulnerability remains significant as AI agents continue to blend trusted and untrusted data without clear separation.

https://thehackernews.com/2026/07/new-agent-data-injection-attack-can.html

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top