Cybersecurity News • 2h
Indirect Prompt Injection via SEO Poisoning Targeting OpenAI, Anthropic, and Google AI Agents
Attackers are leveraging Indirect Prompt Injection (IPI) to hijack AI agents from OpenAI, Anthropic, and Google by weaponizing the Retrieval-Augmented Generation (RAG) process. Through SEO poisoning, malicious sites are prioritized in agent grounding searches, delivering hidden payloads via CSS (display:none, opacity:0) and zero-width characters. These invisible instructions override system prompts to execute unauthorized tool-use functions, enabling cryptojacking via WebAssembly and the exfiltration of sensitive session data to attacker-controlled endpoints. This vulnerability shifts the primary attack vector from direct user input to external, untrusted data sources utilized for agentic autonomy.