ai agent

Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild

IDPI exploits hidden instructions in web content processed by LLMs, causing unauthorized actions without direct interaction. Recent evidence shows substantial real-world malicious exploitation, including AI ad review evasion and SEO manipulation targeting phishing. 22 techniques were identified, necessitating proactive defenses against such threats. Understanding and mitigating web-based IDPI is crucial for the safety of AI systems integrated into web operations.

https://unit42.paloaltonetworks.com/ai-agent-prompt-injection/

IBM’s AI Agent Bob Easily Duped to Run Malware, Researchers Show

IBM's AI agent Bob is vulnerable to prompt injection attacks, allowing it to execute malware. Despite IBM's security measures, researchers from PromptArmor demonstrated that Bob could be manipulated into executing harmful commands by leveraging a prompt injection technique with malicious Markdown files. While IBM advises caution and user approval for risky actions, Bob's defenses were bypassed, enabling the potential execution of malware without proper consent. This raises significant concerns about the security of AI software in development workflows, particularly when handling untrusted data.

https://www.theregister.com/2026/01/07/ibm_bob_vulnerability/

Google Chrome Adds New Security Layer for Gemini AI Agentic Browsing

Google Chrome introduces ‘User Alignment Critic', a new security layer for Gemini AI agentic browsing, enhancing protection against unsafe actions and data exposure. This system uses an isolated LLM to vet agent actions, restricts access to trusted sites, prompts user confirmation for sensitive tasks, and detects prompt injection attempts, showcasing a robust defense compared to competitors.

https://www.bleepingcomputer.com/news/security/google-chrome-adds-new-security-layer-for-gemini-ai-agentic-browsing/

When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems

Extreme TLDR: A new attack method, “agent session smuggling,” exploits AI agents' communication protocols (A2A) to inject harmful instructions during ongoing sessions, allowing malicious agents to manipulate and deceive victim agents. This dynamic threat leverages trust relationships and stateful interactions, making detection difficult. Mitigation strategies include human oversight, remote party verification, and context awareness. The research emphasizes the need for advanced security tools and proactive assessments to safeguard AI environments against evolving threats.

https://unit42.paloaltonetworks.com/agent-session-smuggling-in-agent2agent-systems/

Agentic AI and Security

Agentic AI systems raise significant security concerns due to their inability to distinguish between instructions and data. This vulnerability leads to the “Lethal Trifecta” risk, where access to sensitive data, exposure to untrusted content, and external communication can result in data leaks. To mitigate these risks, developers should minimize access to sensitive information, restrict untrusted content consumption, and utilize sandboxing or containerization to isolate tasks. Key strategies include splitting tasks, maintaining human oversight, and applying the Principle of Least Privilege. These precautions aim to improve security without discarding the powerful capabilities of LLM-driven applications.

https://martinfowler.com/articles/agentic-ai-security.html

Scroll to Top