AI-targeted cloaking poisons retrieval-backed AI outputs through user-agent-based content manipulation
Technical Analysis
Summary
Hide ▲
Show ▼
Researchers disclosed AI-targeted cloaking, a technique that lets malicious sites feed ChatGPT Atlas and other AI crawlers different content than human visitors, risking poisoned context in AI Overviews, summaries, and autonomous reasoning. The method uses a trivial user-agent check to steer crawlers toward manipulated page content. SPLX said the approach can function as a misinformation weapon and bias downstream AI outputs. A separate hTAG study found browser agents attempted harmful actions across 20 abuse scenarios, underscoring weak built-in safeguards.
Related Happenings
LayerX BioShocking prompt injection against agentic browsers
Technical Analysis
H score30
First: 24.06.2026 19:05
Last: 24.06.2026 19:05
Sources 1
About this happening:
Researchers demonstrated **BioShocking**, a prompt-injection technique that pushed **six agentic browsers and plugins** past guardrails and made them **copy login credentials** fo...
LayerX BioShocking prompt injection against agentic browsers
Technical AnalysisAbout this happening: Researchers demonstrated **BioShocking**, a prompt-injection technique that pushed **six agentic browsers and plugins** past guardrails and made them **copy login credentials** fo...
Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical Analysis
H score25
First: 11.03.2026 18:38
Last: 11.03.2026 18:38
Sources 1
About this happening:
**Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...
Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical AnalysisAbout this happening: **Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...
Underground AI services emerge with jailbroken APIs and MCP servers
Threat Actor Meta
H score11
First: 12.02.2026 14:45
Last: 12.02.2026 14:45
Sources 1
About this happening:
**Underground AI services** are emerging on **marketplaces** with a model that hides **jailbroken commercial APIs** and **open-source MCP servers**, expanding access to **malware*...
Underground AI services emerge with jailbroken APIs and MCP servers
Threat Actor MetaAbout this happening: **Underground AI services** are emerging on **marketplaces** with a model that hides **jailbroken commercial APIs** and **open-source MCP servers**, expanding access to **malware*...
Google study on AI misuse in APT and malware workflows
Technical Analysis
H score27
First: 12.02.2026 14:45
Last: 12.02.2026 14:45
Sources 1
About this happening:
**Google Threat Intelligence Group** reported an **unknown threat actor** using **PROMPTFLUX**, an experimental **VB Script** malware, to query the **Gemini API** for **just-in-ti...
Google study on AI misuse in APT and malware workflows
Technical AnalysisAbout this happening: **Google Threat Intelligence Group** reported an **unknown threat actor** using **PROMPTFLUX**, an experimental **VB Script** malware, to query the **Gemini API** for **just-in-ti...
ChatGPT/SearchGPT prompt injection and data exfiltration weaknesses security flaw
Vulnerability
H score1
First: 06.11.2025 12:00
Last: 06.11.2025 12:00
Sources 1
About this happening:
Researchers uncovered **seven weaknesses** in **OpenAI's ChatGPT/SearchGPT** that could let an attacker use **prompt injection** and **safety bypass** techniques to steal **privat...
ChatGPT/SearchGPT prompt injection and data exfiltration weaknesses security flaw
VulnerabilityAbout this happening: Researchers uncovered **seven weaknesses** in **OpenAI's ChatGPT/SearchGPT** that could let an attacker use **prompt injection** and **safety bypass** techniques to steal **privat...
Timeline
-
29.10.2025 16:57 2 articles · 8mo ago
AI-targeted cloaking exposes ChatGPT Atlas and other AI crawlers to context poisoning
Initial DisclosureSecurity researchers flagged AI-targeted cloaking, a user-agent-based content-poisoning technique that lets malicious sites serve different page content to ChatGPT Atlas and other AI crawlers so retrieved material can become ground truth for AI Overviews, summaries, and autonomous reasoning. SPLX said the same approach can function as a misinformation weapon and bias AI outputs, while hTAG found browser agents attempted nearly every malicious request across 20 abuse scenarios with little built-in safeguarding.
Show sources
- New AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified Facts — thehackernews.com — 29.10.2025 16:57
- New AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified Facts — thehackernews.com — 29.10.2025 16:57