{"id":213677,"date":"2026-02-10T12:55:00","date_gmt":"2026-02-10T17:55:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/10\/ai-agents-can-spill-secrets-via-malicious-link-previews-the-register\/"},"modified":"2026-02-15T05:05:09","modified_gmt":"2026-02-15T10:05:09","slug":"ai-agents-can-spill-secrets-via-malicious-link-previews-the-register","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/10\/ai-agents-can-spill-secrets-via-malicious-link-previews-the-register\/","title":{"rendered":"AI agents can spill secrets via malicious link previews \u2022 The Register"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/2026\/02\/10\/ai_agents_messaging_apps_data_leak\/\">AI agents can spill secrets via malicious link previews \u2022 The Register<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/02\/10\/ai_agents_messaging_apps_data_leak\/\">https:\/\/www.theregister.com\/2026\/02\/10\/ai_agents_messaging_apps_data_leak\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-10 12:55:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.theregister.com\">www.theregister.com<\/a><\/p>\n<p>AI agents can shop for you, program for you, and, if you&#8217;re feeling bold, chat for you in a messaging app. But beware: attackers can use malicious prompts in chat to trick an AI agent into generating a data-leaking URL, which link previews may fetch automatically.<\/p>\n<p>Messaging apps commonly use link previews, which let the app query links dropped in a message to extract a title, description, and thumbnail to display in place of a plain URL. As discovered by AI security firm PromptArmor, link previews can turn URLs generated by an AI agent and controlled by an attacker into a zero-click data-exfiltration channel, allowing sensitive information to be leaked without any user interaction.<\/p>\n<p>As PromptArmor notes in its report, indirect prompt injection via malicious links isn&#8217;t unheard of, but typically requires the victim to click a link after an AI system has been tricked into appending sensitive user data to an attacker-controlled URL. When the same technique is used against an AI agent operating inside messaging platforms such as Slack or Telegram, where link previews are enabled by default or in certain configurations, the problem gets a whole lot worse.<\/p>\n<p>&#8220;In agentic systems with link previews, data exfiltration can occur immediately upon the AI agent responding to the user, without the user needing to click the malicious link,&#8221; PromptArmor explained.\u00a0<\/p>\n<p>Without a link preview, an AI agent or a human operator has to follow a link, triggering a network request after the AI system has been tricked into appending sensitive user data to an attacker-controlled URL. As mentioned, this type of prompt injection attack can extract various types of sensitive data, such as API keys and the like, by tricking an AI agent into appending the info onto the URL.\u00a0<\/p>\n<p>Because a link preview pulls metadata from the target website, that whole attack chain can be accomplished&#8230;<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/02\/10\/ai_agents_messaging_apps_data_leak\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>AI agents can spill secrets via malicious link previews \u2022 The Register https:\/\/www.theregister.com\/2026\/02\/10\/ai_agents_messaging_apps_data_leak\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":213678,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/regmedia.co.uk\/2023\/11\/22\/shutterstock_chat_with_me_ai.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26],"class_list":["post-213677","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213677"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=213677"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213677\/revisions"}],"predecessor-version":[{"id":213679,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213677\/revisions\/213679"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/213678"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=213677"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=213677"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=213677"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}