AI threats in the wild: The current state of prompt injections on the web
ID: 426d3832-bcb1-579a-ad1a-33ea27b85969
STIX ID: report--426d3832-bcb1-579a-ad1a-33ea27b85969
Feed Name: Google Online Security Blog
Google Threat Intelligence scanned Common Crawl snapshots for indirect prompt injection (IPI) on public websites and found mostly low-sophistication instances (pranks, helpful guidance, SEO) alongside a small number of malicious exfiltration and destructive attempts; detections in the malicious category rose ~32% between Nov 2025 and Feb 2026. The study notes limitations (Common Crawl excludes many social platforms), emphasizes rising interest and automation in IPI, and concludes that while current exploitation is limited, scale and sophistication are likely to grow without mitigations.
