Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild
IDPI exploits hidden instructions in web content processed by LLMs, causing unauthorized actions without direct interaction. Recent evidence shows substantial real-world malicious exploitation, including AI ad review evasion and SEO manipulation targeting phishing. 22 techniques were identified, necessitating proactive defenses against such threats. Understanding and mitigating web-based IDPI is crucial for the safety of AI systems integrated into web operations.
https://unit42.paloaltonetworks.com/ai-agent-prompt-injection/





