Malicious Websites Hide Prompt Instructions in DOM to Poison AI Agent Decision-Making
ID: a173c530-5213-5e2f-ab74-9cde23e57799
STIX ID: report--a173c530-5213-5e2f-ab74-9cde23e57799
Feed Name: Cyber Press
Zscaler ThreatLabz uncovered two campaigns that weaponize web content against AI workflows via Indirect Prompt Injection and DOM poisoning: a fake Python package documentation site elevated by SEO poisoning that hides instructions to steal small payments, and a DeBank typosquatting site that injects prompts to contaminate RAG and rank the malicious site as authoritative; the report details technical TTPs (JSON-LD abuse, off-screen CSS, metadata fabrication), includes domain IOCs, and notes model-dependent susceptibility.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
