Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild

Real-world indirect prompt injection attacks targeting AI agents and Large Language Models (LLMs) have been observed in the wild. Adversaries are weaponizing hidden web content to exploit LLMs for high-impact fraud operations. These attacks involve manipulating AI systems through crafted web content that contains malicious prompts. The technique allows attackers to fool AI agents into performing unintended actions or providing unauthorized information. This represents an emerging threat vector as AI systems become more prevalent in enterprise environments. The attacks demonstrate how web-based content can be used as a vector to compromise AI-powered applications and services.