Find notable cyber news and cases, enriched with sources, timelines, and signals.

Indirect prompt-injection web campaigns targeting AI agents

Campaign
First reported
Last updated
Happening score
H score 37
1 unique sources, 1 articles

Summary

Hide ▲

Two real-world campaigns are using indirect prompt injection and SEO poisoning to steer AI agents into fraudulent actions and false legitimacy judgments. The lures included a fake Python documentation page pushing a $3 API license key scam and a site impersonating DeBank. The activity turns ordinary web content into an attack surface for agent-driven browsing and payment workflows.

Related Happenings

Bayer reworks awareness training and AI access controls against AI-driven social engineering

Defensive Guidance
H score10 First: 02.06.2026 16:45 Last: 02.06.2026 16:45 Sources 1

About this happening: Bayer has shifted to **psychology-first security awareness** and **tiered AI access controls** to blunt **AI-generated social engineering** across employees and suppliers. The pro...

Indirect prompt injection payloads against AI agents reveal fraud, deletion, and secret-theft paths

Technical Analysis
H score20 First: 23.04.2026 12:30 Last: 23.04.2026 12:30 Sources 1

About this happening: **10** new **indirect prompt injection (IPI)** payloads show how web content poisoning can coerce **AI agents** into **financial fraud**, **data destruction**, and **API key theft...

Underground sellers-fraud-oriented sellers alliance reshapes ransomware ecosystem operations

Threat Actor Meta
H score31 First: 25.03.2026 16:02 Last: 25.03.2026 16:02 Sources 1

About this happening: A growing underground market for **premium AI platform access** is turning **ChatGPT**, **Claude**, **Microsoft Copilot**, and **Perplexity** access into a tradable black-market c...

Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps

Technical Analysis
H score25 First: 11.03.2026 18:38 Last: 11.03.2026 18:38 Sources 1

About this happening: **Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...

Underground AI services emerge with jailbroken APIs and MCP servers

Threat Actor Meta
H score11 First: 12.02.2026 14:45 Last: 12.02.2026 14:45 Sources 1

About this happening: **Underground AI services** are emerging on **marketplaces** with a model that hides **jailbroken commercial APIs** and **open-source MCP servers**, expanding access to **malware*...

Timeline

  1. 06.07.2026 18:00 2 articles · 3d ago

    Zscaler identifies hidden-instruction web campaigns targeting AI agents

    Initial Disclosure

    Zscaler ThreatLabz identified two real-world campaigns targeting AI agents through indirect prompt injection in web pages. One used a fake Python library documentation page that pushed a $3 API license key payment scam, and the other used a typosquatting domain impersonating DeBank; both campaigns relied on SEO poisoning and hidden instructions placed in off-screen CSS or JSON-LD metadata. In sandbox tests across 26 large language models, four models were manipulated into executing the fraudulent payment, and GPT-5.4 and Claude Sonnet 4.5 misrated the fake DeBank site as legitimate when no trusted reference for the real site was provided.

    Show sources