THREATOPS
THREAT OPSThreat News › Indirect Prompt Injection in Web Content Targets AI Agents

Indirect Prompt Injection in Web Content Targets AI Agents

medzscaler_threatlabzPublished 2026-07-02

IntroductionAI agents are increasingly changing how users interact with web content, making the content itself a growing attack surface for threat actors. Just as a human user can be socially engineered through phishing, AI agents are also susceptible to similar attacks. Indirect prompt injection (IPI) is an example of these types of attacks that embed malicious instructions in the content retriev

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://www.zscaler.com/blogs/security-research/indirect-prompt-injection-web-content-targets-ai-agents