logo

Malicious Websites Hide Prompt Instructions in DOM to Poison AI Agent Decision-Making

ID: a173c530-5213-5e2f-ab74-9cde23e57799

STIX ID: report--a173c530-5213-5e2f-ab74-9cde23e57799

Feed Name: Cyber Press

Threat Score
65/100

Date Published: 2026-07-03

Date Updated: 2026-07-03

Author: Varshini

...
...

Zscaler ThreatLabz uncovered two campaigns that weaponize web content against AI workflows via Indirect Prompt Injection and DOM poisoning: a fake Python package documentation site elevated by SEO poisoning that hides instructions to steal small payments, and a DeBank typosquatting site that injects prompts to contaminate RAG and rank the malicious site as authoritative; the report details technical TTPs (JSON-LD abuse, off-screen CSS, metadata fabrication), includes domain IOCs, and notes model-dependent susceptibility.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.