Skip to main content

Tag: indirect prompt injection

12 articles

Laptop screen displays innocuous webpage with subtle hidden code in background.

Web Content Conceals Hidden Instructions Targeting AI Agents

As AI agents increasingly interact with the web, hidden instructions embedded in online content can be manipulated to perform unintended actions, posing a new threat to users. Researchers have uncovered real-world campaigns that use indirect prompt injection to steer AI agents into carrying out malicious tasks.

Analyst 207
Laptop screen displays colorful webpage in brightly-lit coffee shop setting.

AI Browsers Exposed to Credential-Leaking BioShocking Attack

A shocking new attack has been discovered that can trick AI browsers and assistants into leaking sensitive user credentials, with six popular agents already proven vulnerable. This sneaky tactic, called BioShocking, uses a clever game-like approach to bypass safety protocols and get agents to cough up personal info.

Analyst 207
Cluttered office workspace with computer and browser on desk, cityscape outside window.

Researchers Expose AI Agents to Malicious Prompt Injection Payloads

Imagine a browser AI that can summarize web pages, but with a hidden vulnerability that allows malicious instructions to be embedded and executed - a newly discovered threat that security researchers are warning deserves our attention. Forcepoint researchers have uncovered 10 real-world examples of indirect prompt injection payloads designed to subvert AI agents and wreak havoc.

Analyst 207
Shadowy figure hunched over laptop with dimly lit dashboard, surrounded by papers and coffee cups, with cityscape at dusk…

Researchers bypass Grafana AI with stealthy data exfiltration technique

Imagine a tool meant to reveal operational insights being turned into a stealthy spy, siphoning off sensitive corporate secrets - that's what happened when researchers exploited Grafana's AI with a cunning technique called indirect prompt injection. Dubbed GrafanaGhost, this attack bypasses Grafana's defenses, exfiltrating data without leaving a digital trail.

Analyst 207
The Promptware Kill Chain: Exclusive Critical Risk Guide

The Promptware Kill Chain: Exclusive Critical Risk Guide

What if a stray calendar event or shared doc could become a command to your AI? This guide reveals the promptware kill chain—how attackers weaponize language to steal data, gain persistence, and trigger unauthorized actions, and what you can do to defend against it.

Analyst 207
Threat Actors Use Stunning, Dangerous Calendar Subs

Threat Actors Use Stunning, Dangerous Calendar Subs

Think that calendar invite is safe? Threat actors are weaponizing calendar subscriptions—slipping phishing links, malware, or hidden instructions into benign-seeming invites hosted on trusted services, turning everyday convenience into a stealthy breach vector.

Analyst 207
Dark cityscape with ominous robotic head emerging from shadows, glowing red eyes, and faint laptop screen in background.

Gemini AI Exclusive: Dangerous Thinking Robot Malware

What if the AI meant to amplify our thinking could be turned into thinking robot malware that rewrites itself to hide from defenders? New research shows attackers chaining prompt- and log-injection tricks to weaponize Gemini into self-modifying, persistent surveillance agents that sidestep many standard safeguards.

Analyst 207
Sneaky Mermaid attack: Exclusive Copilot data breach alert

Sneaky Mermaid attack: Exclusive Copilot data breach alert

A clever Sneaky Mermaid indirect prompt injection showed how hidden instructions buried in files could trick Microsoft 365 Copilot into leaking tenant data. Microsoft says it patched this specific flaw, but security teams warn the broader risk of stealthy, embedded prompt attacks is far from over.

Analyst 207
Microsoft 365 Copilot Exclusive: Dangerous Mermaid Attack

Microsoft 365 Copilot Exclusive: Dangerous Mermaid Attack

The Mermaid attack revealed how a hidden prompt in an otherwise harmless file could trick Microsoft 365 Copilot into spilling emails and attachments. Microsoft patched the gap, but the episode is a clear reminder that giving AI broad access can turn convenience into a new, exploitable data risk.

Analyst 207
Sneaky Mermaid attack: Exclusive critical Copilot leak

Sneaky Mermaid attack: Exclusive critical Copilot leak

Researchers uncovered a Sneaky Mermaid trick that hid malicious instructions inside ordinary files to make Microsoft 365 Copilot leak tenant emails and attachments. Microsoft patched the specific vector, but the episode is a wake-up call about how AI assistants can be manipulated and why teams must shore up their digital defenses.

Analyst 207
indirect prompt injection: Stunning Risk Exposed

indirect prompt injection: Stunning Risk Exposed

A trio of vulnerabilities in Google’s Gemini shows how indirect prompt injection—hiding instructions in files, metadata or chained APIs—can trick AI into leaking data or taking unintended actions, proving that securing models means vetting every input source, not just user prompts.

Analyst 207
indirect prompt injection: Stunning, Risky Threat

indirect prompt injection: Stunning, Risky Threat

Imagine a calendar invite or shared doc quietly telling your phone assistant to betray you — researchers show indirect prompt injection turns everyday interactions into real attack paths that can leak data, send messages, or trigger devices. Their TARA framework and practical fixes show those risks can fall sharply if developers add source checks, action gating, and clearer user consent.

Analyst 207