SecurityWeek • 2h
Indirect Prompt Injection IPI in AI Agents Facilitating Unauthorized Cryptocurrency Transfers
Autonomous AI agents are increasingly susceptible to Indirect Prompt Injection (IPI), where malicious instructions are embedded within untrusted data sources such as web pages or documents. Attackers utilize encoded payloads (e.g., Base64) to bypass semantic filters, hijacking the agent's action layer to trigger unauthorized tool-calling and API execution. This vulnerability, confirmed across 13 frontier LLM models, enables the automated execution of irreversible cryptocurrency transactions. The primary risk lies in the agent's inability to distinguish between legitimate user intent and malicious instructions retrieved via Retrieval-Augmented Generation (RAG) pipelines.
Links:SecurityWeek, Unit42, Infosecurity-magazine, Risingwave, Arxiv, Oecd, Youtube, Cequence, Crypto •