logo

Hidden Web Prompts Trick AI Agents Into Sending Money

ID: 407b8898-fc85-53f3-87be-15435eaca728

STIX ID: report--407b8898-fc85-53f3-87be-15435eaca728

Feed Name: Security Affairs

Threat Score
60/100

Date Published: 2026-07-06

Date Updated: 2026-07-06

Author: Pierluigi Paganini

...
...

Zscaler ThreatLabz reports two active campaigns that embed hidden prompts in web pages (via JSON-LD structured metadata, off-screen DIVs, and keyword stuffing) to trick autonomous AI agents into executing payments or treating fraudulent domains as authoritative; one targeted a fake Python package requiring a $3 "developer API license" and initiated an ETH transfer, while the other was a DeBank typosquatting site. Tests across 26 LLMs showed multiple models executed payments or misclassified the fake sites, and the researchers advise treating web-retrieved content as adversarial, restricting agent tool permissions, and adding input validation at the content layer.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.