Multiple outlets report on research identifying prompt injection campaigns that exploit autonomous AI agents browsing the web. The findings describe malicious websites that embed indirect prompt-injection content designed to influence how AI agents interpret and act on instructions encountered during navigation. Instead of issuing direct commands, the sites hide or disguise the injected text within web content, aiming to bypass detection and steer the agent toward attacker objectives. According to the reports, the targeted outcome is cryptocurrency payments: the manipulated agents are led to initiate or authorize crypto transactions. SecurityWeek highlights two separate campaigns using this approach, while Infosecurity Magazine attributes the discovery to Zscaler’s findings and describes the technique as “indirect prompt injection” embedded in web content. In both accounts, the core issue is that AI agents can be tricked by web page text that the agent considers actionable instructions, even when the malicious content is not overtly presented as instructions to a human user. The reports emphasize the risk posed by agentic systems that browse and take actions based on information gathered from untrusted websites.