Cybersecurity News • 1h
Web Agent Retrieval Poisoning (WARP) Targeting OpenAI Deep Research and Google Gemini Deep Research
Web Agent Retrieval Poisoning (WARP) is a critical evolution of indirect prompt injection that targets agentic AI systems, including OpenAI Deep Research, Google Gemini Deep Research, and Claude Code. Attackers embed instructions in seemingly benign source material, such as public GitHub repositories, to exploit an AI agent's automated error-recovery behaviour. By triggering that recovery logic, attackers cause the agent to fetch second-stage payloads over non-file-based channels such as DNS TXT records. Because the second stage never appears in the repository, the technique bypasses static analysis, secret scanners, and human code review, and it ultimately enables Remote Code Execution (RCE) through reverse shells on developer workstations or inside CI/CD pipelines.
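As an added defender-side example (not code from the article or from any of the vendors named), the following Python scans an agent tool-call audit log for the staging pattern described above: a DNS TXT lookup followed shortly by handing fetched text to an interpreter. The event format, the tool names, and the sample commands are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass

# Shell commands that resolve DNS TXT records (dig/nslookup/host/resolvectl ... TXT).
DNS_TXT_RE = re.compile(r"\b(dig|nslookup|host|resolvectl)\b[^|;&\n]*\bTXT\b", re.I)
# Execution sinks that could run text pulled from a lookup (pipe to sh, sh -c, python -c, eval, base64 -d).
EXEC_SINK_RE = re.compile(
    r"\|\s*(ba)?sh\b|\b(ba)?sh\s+-c\b|\bpython3?\s+-c\b|\beval\b|\bbase64\s+(-d|--decode)\b", re.I)

@dataclass
class Event:
    session: str   # one agent task / conversation
    step: int      # order of the tool call within the session
    tool: str      # hypothetical tool names: "shell", "dns_txt_lookup", "read_file"
    payload: str   # command line, queried name, or file path

def find_dns_staging(events, window=5):
    """Return (session, lookup_step, exec_step, reason) for each suspicious chain."""
    findings = []
    by_session = {}
    for e in events:
        by_session.setdefault(e.session, []).append(e)
    for session, evs in by_session.items():
        lookups = []  # steps at which a TXT lookup happened in this session
        for e in sorted(evs, key=lambda x: x.step):
            txt = e.tool == "dns_txt_lookup" or (e.tool == "shell" and bool(DNS_TXT_RE.search(e.payload)))
            sink = e.tool == "shell" and bool(EXEC_SINK_RE.search(e.payload))
            if txt and sink:
                findings.append((session, e.step, e.step, "TXT lookup piped into interpreter"))
            elif sink:
                recent = [s for s in lookups if e.step - s <= window]
                if recent:
                    findings.append((session, recent[-1], e.step,
                                     f"interpreter exec within {window} steps of TXT lookup"))
            if txt:
                lookups.append(e.step)
    return findings

# Constructed sample audit log, not real telemetry.
SAMPLE = [
    Event("task-1", 1, "shell", "npm ci"),                              # build step fails
    Event("task-1", 2, "read_file", "TROUBLESHOOTING.md"),               # agent reads "recovery" guidance
    Event("task-1", 3, "dns_txt_lookup", "setup-hint.example.invalid"),  # second stage fetched via DNS
    Event("task-1", 4, "shell", 'bash -c "$RECOVERY_STEP"'),             # fetched text handed to a shell
    Event("task-2", 1, "shell", "dig +short TXT _dmarc.example.com"),    # legitimate admin check
    Event("task-2", 2, "shell", "git status"),                           # no sink follows: not flagged
]

if __name__ == "__main__":
    for finding in find_dns_staging(SAMPLE):
        print(finding)
```

A lookup with no interpreter sink inside the window (task-2 above) is deliberately not flagged, so legitimate DNS checks do not page the on-call engineer.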