Hidden Web Prompts Trick AI Agents Into Sending Money
ID: 407b8898-fc85-53f3-87be-15435eaca728
STIX ID: report--407b8898-fc85-53f3-87be-15435eaca728
Feed Name: Security Affairs
Zscaler ThreatLabz reports two active campaigns that embed hidden prompts in web pages (via JSON-LD structured metadata, off-screen DIVs, and keyword stuffing) to trick autonomous AI agents into executing payments or treating fraudulent domains as authoritative; one targeted a fake Python package requiring a $3 "developer API license" and initiated an ETH transfer, while the other was a DeBank typosquatting site. Tests across 26 LLMs showed multiple models executed payments or misclassified the fake sites, and the researchers advise treating web-retrieved content as adversarial, restricting agent tool permissions, and adding input validation at the content layer.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
