Indirect Prompt Injection in Web Content Targets AI Agents
ID: 1ce52e74-abf1-51c1-af81-3cf8ef5c5a42
STIX ID: report--1ce52e74-abf1-51c1-af81-3cf8ef5c5a42
Feed Name: Security Boulevard
Date Published: 2026-07-02
Date Updated: 2026-07-03
Author: Ashwathi Sasi (Sr. Threat Researcher)
Zscaler ThreatLabz reports two active indirect prompt injection (IPI) campaigns that hide malicious instructions in web pages to manipulate AI agents: (1) a payment scam that uses SEO poisoning, JSON-LD schema, and hidden DOM/CSS to trick agents into paying for a fake API key (with observed payments to Ethereum address 0x691bc3793205e574fa7b4aa068e62c0e470ad267), and (2) a typosquatting site (debank.auction) that impersonates DeBank to contaminate retrieval contexts and mislead LLMs. The post includes IOCs, techniques used, and results of testing across 26 LLMs showing measurable model susceptibility.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
