Find notable cyber news and cases, enriched with sources, timelines, and signals.

Indirect prompt injection payloads against AI agents reveal fraud, deletion, and secret-theft paths

Technical Analysis
First reported
Last updated
Happening score
H score 20
1 unique sources, 1 articles

Summary

Hide ▲

10 new indirect prompt injection (IPI) payloads show how web content poisoning can coerce AI agents into financial fraud, data destruction, and API key theft. The risk is highest when an agent can send emails, run terminal commands, or process payments. The findings show that seemingly routine browsing or summarization can become an execution path for attacker instructions.

Related Happenings

AI coding assistants GhostApproval symlink security flaw

Vulnerability
H score22 First: 09.07.2026 07:27 Last: 09.07.2026 07:27 Sources 1

About this happening: A **July 8** disclosure identified **GhostApproval**, a **symlink** flaw in **six AI coding assistants** that can redirect approved writes into **~/.ssh/authorized_keys** or **~/....

HalluSquatting indirect prompt-injection attack on AI coding assistants

Technical Analysis
H score3 First: 08.07.2026 18:07 Last: 08.07.2026 18:07 Sources 1

About this happening: Researchers demonstrated **HalluSquatting**, an indirect prompt-injection technique that can push **AI coding assistants** to fetch attacker-controlled resources and execute code....

GitHub Agentic Workflows indirect prompt injection security flaw

Vulnerability
H score27 First: 07.07.2026 17:04 Last: 07.07.2026 17:04 Sources 1

About this happening: **GitHub Agentic Workflows** has an **indirect prompt injection** flaw that can let a **public issue** leak content from **private repositories** into public comments. The risk is...

Indirect prompt-injection web campaigns targeting AI agents

Campaign
H score37 First: 06.07.2026 18:00 Last: 06.07.2026 18:00 Sources 1

About this happening: **Two real-world campaigns** are using **indirect prompt injection** and **SEO poisoning** to steer **AI agents** into fraudulent actions and false legitimacy judgments. The lures...

GuardFall shell-trick bypass of command safety checks in AI coding agents

Technical Analysis
H score25 First: 30.06.2026 17:26 Last: 30.06.2026 17:26 Sources 1

About this happening: **GuardFall** exposed a shell-trick bypass that lets dangerous commands slip past safety checks in **open-source AI coding and computer-use agents**, putting **full account access...

Timeline

  1. 23.04.2026 12:30 2 articles · 2mo ago

    Forcepoint documents 10 indirect prompt injection payloads against AI agents

    Technical Analysis Update

    Forcepoint researchers documented 10 in-the-wild indirect prompt injection payloads targeting AI agents through poisoned web content, where crawler, summarizer, and RAG-style workflows can ingest attacker instructions as if they were legitimate. The findings show trigger phrases such as “Ignore previous instructions”, “Ignore all previous instructions”, “If you are an LLM”, and “If you are a large language model”, and they highlight risks including financial fraud via PayPal.me, destructive file deletion, secret API key theft, and covert exfiltration, with higher impact when agents can send emails, run terminal commands, or process payments through tools such as GitHub Copilot, Cursor, and Claude Code.

    Show sources