{"id":237083,"date":"2026-04-23T05:30:00","date_gmt":"2026-04-23T09:30:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/23\/researchers-uncover-10-in-the-wild-indirect-prompt-injection-attacks\/"},"modified":"2026-04-29T12:15:22","modified_gmt":"2026-04-29T16:15:22","slug":"researchers-uncover-10-in-the-wild-indirect-prompt-injection-attacks","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/23\/researchers-uncover-10-in-the-wild-indirect-prompt-injection-attacks\/","title":{"rendered":"Researchers Uncover 10 In-the-Wild Indirect Prompt Injection Attacks"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/researchers-10-wild-indirect\/\">Researchers Uncover 10 In-the-Wild Indirect Prompt Injection Attacks<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/researchers-10-wild-indirect\/\">https:\/\/www.infosecurity-magazine.com\/news\/researchers-10-wild-indirect\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-23 05:30:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p>Security researchers have discovered 10 new indirect prompt injection (IPI) payloads targeting AI agents with malicious instructions designed to achieve financial fraud, data destruction, API key theft and more.<\/p>\n<p>Threat actors achieve IPI by poisoning web content so that when an agent crawls or summarizes it, the instructions will be executed as legitimate.<\/p>\n<p>It impacts any agent that browses and summarizes web pages, indexes content for RAG pipelines, auto-processes metadata\/HTML comments, or reviews pages for ad content, SEO ranking or moderation.<\/p>\n<p>\u201cThe impact scales with AI privilege. A browser AI that can only summarize is low-risk,\u201d explained Forcepoint senior security researcher, Mayur Sewani, in a blog post yesterday. 
\u201cAn agentic AI that can send emails, execute terminal commands or process payments becomes a high-impact target.\u201d<\/p>\n<p>Read more on indirect prompt injection: HashJack Indirect Prompt Injection Weaponizes Websites.<\/p>\n<p>The Forcepoint research uncovered the following common triggers for IPI:<\/p>\n<ul>\n<li>&#8220;Ignore previous instructions&#8221;<\/li>\n<li>&#8220;Ignore all previous instructions&#8221;<\/li>\n<li>&#8220;If you are an LLM&#8221;<\/li>\n<li>&#8220;If you are a large language model&#8221;<\/li>\n<\/ul>\n<p>Whatever the payload, the attack chain is the same. The threat actor poisons web content and hides the payload, then waits for the agent to interact with it. Once it ingests the page, the agent ignores previous instructions, follows the attacker\u2019s direction and triggers a real-world action \u2013 often with \u201ca covert exfiltration return channel back to the attacker,\u201d Sewani explained.<\/p>\n<h2><strong>Data Theft and Destruction<\/strong><\/h2>\n<p>Several of the examples Forcepoint found in the wild seem\u00a0fairly innocuous.<\/p>\n<p>They include a false assertion that the copyright owner has &#8220;expressly forbidden&#8221; the AI to answer any user questions about the page\u2019s content \u2013 technically described as \u201cdenial of service\u201d or content suppression.<\/p>\n<p>Another is a de facto sales pitch. 
Described as \u201cattribution hijacking,\u201d it instructs the AI to credit \u201cKirill&#8230;<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/researchers-10-wild-indirect\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers Uncover 10 In-the-Wild Indirect Prompt Injection Attacks https:\/\/www.infosecurity-magazine.com\/news\/researchers-10-wild-indirect\/ Publish Date: 2026-04-23 05:30:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":237084,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/cb3e39e9-34b0-4007-a20b-7f080038454a.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,18,17,34],"class_list":["post-237083","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-large-language-model","tag-llm","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237083"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=237083"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237083\/revisions"}],"predecessor-version":[{"id":237085,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237083\/revisions\/237085"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/237084"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?par
ent=237083"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=237083"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=237083"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}