Multiple outlets report on research identifying prompt injection campaigns that exploit autonomous AI agents browsing the web. The findings describe malicious websites that embed indirect prompt-injection content designed to influence how AI agents interpret and act on instructions encountered during navigation. Instead of issuing direct commands, the sites hide or disguise the injected text within web content, aiming to bypass detection and steer the agent toward attacker objectives. According to the reports, the targeted outcome is cryptocurrency payments: the manipulated agents are led to initiate or authorize crypto transactions. SecurityWeek highlights two separate campaigns using this approach, while Infosecurity Magazine attributes the discovery to Zscaler’s findings and describes the technique as “indirect prompt injection” embedded in web content. In both accounts, the core issue is that AI agents can be tricked by web page text that the agent considers actionable instructions, even when the malicious content is not overtly presented as instructions to a human user. The reports emphasize the risk posed by agentic systems that browse and take actions based on information gathered from untrusted websites.
Indirect prompt injection campaigns manipulate AI agents into making crypto payments
Multiple outlets report on research identifying prompt injection campaigns that exploit autonomous AI agents browsing the web. The findings describe malicious websites that embed indirect prompt-injec...
- Researchers describe indirect prompt injection embedded in malicious web content.
- The technique targets autonomous AI agents that browse the web and follow instructions.
- Manipulated agents are directed toward initiating crypto payments.
- SecurityWeek reports two separate prompt-injection campaigns.
- Infosecurity Magazine cites Zscaler findings about the same overall attack approach.
Zscaler found sites hiding prompt-injection text to manipulate AI agents into crypto payments
3 hours agoResearchers uncovered two campaigns embedding indirect prompt injections in malicious websites to exploit autonomous AI agents browsing the web. The post Prompt Injection Attacks Trick AI Agents Into Making Crypto Payments appeared first on SecurityWeek.
7 hours agoMicrosoft to cut about 4,800 jobs and restructure Xbox
Microsoft announces it will eliminate about 4,800 jobs globally, roughly 2% of its workforce, as part of a company-wide...
AI coding tools speed up development but keep code in human review and raise production risks
Developers increasingly use AI coding tools and agentic systems to generate code, tests, and documentation faster, but m...
Apple seeds iOS 27 developer beta and previews new Siri, Maps, Wallet and health features
Apple has released the first iOS 27 developer beta following its WWDC 2026 keynote and says the software will move to a...