Data Exfiltration

Google researchers warn of a new threat to enterprise AI agents: indirect prompt injection via public web pages. Malicious instructions are hidden in HTML and executed when AI agents scrape these sites, bypassing traditional defenses. These attacks leverage AI’s legitimate credentials, making them hard to detect. Solutions include using a “sanitizer” AI model to filter web content and strictly compartmentalizing AI agent tool usage based on zero-trust principles. Enhanced audit trails are crucial for tracing AI decisions.