Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild

This Unit 42 report analyzes web-based indirect prompt injection (IDPI) attacks in which adversaries embed hidden or obfuscated instructions in web content that downstream LLMs or AI agents ingest and execute; it provides a taxonomy of attacker intents and payload engineering techniques, documents multiple real-world detections (ranging from low-severity irrelevant output to critical data destruction and unauthorized transactions), enumerates indicators of compromise (URLs and payment links), and recommends defensive measures for detection and mitigation.