Vibe Coding
Palo Alto Unit 42 Documents First In-the-Wild Web-Based Indirect Prompt Injection Against Deployed Agents
Unit 42 published the first confirmed observation of web-based indirect prompt injection attacks targeting production AI agents in the wild — attackers embed instructions in web content processed by agents, hijacking tool calls and exfiltrating data. The root cause: models have no reliable mechanism to distinguish between instructions and data in processed content. Affects any agent that browses the web, reads emails, or ingests untrusted documents.
↳ Follow the thread