logo

Indirect Prompt Injection in Web Content Targets AI Agents

ID: 1ce52e74-abf1-51c1-af81-3cf8ef5c5a42

STIX ID: report--1ce52e74-abf1-51c1-af81-3cf8ef5c5a42

Feed Name: Security Boulevard

Threat Score
70/100

Date Published: 2026-07-02

Date Updated: 2026-07-03

Author: Ashwathi Sasi (Sr. Threat Researcher)

...
...

Zscaler ThreatLabz reports two active indirect prompt injection (IPI) campaigns that hide malicious instructions in web pages to manipulate AI agents: (1) a payment scam that uses SEO poisoning, JSON-LD schema, and hidden DOM/CSS to trick agents into paying for a fake API key (with observed payments to Ethereum address 0x691bc3793205e574fa7b4aa068e62c0e470ad267), and (2) a typosquatting site (debank.auction) that impersonates DeBank to contaminate retrieval contexts and mislead LLMs. The post includes IOCs, techniques used, and results of testing across 26 LLMs showing measurable model susceptibility.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.