Google's Threat Intelligence teams have conducted a comprehensive investigation into prompt injection attacks targeting AI agents as they browse the web. Analysing billions of pages from Common Crawl's public web repository, researchers discovered a concerning landscape of malicious attempts to manipulate AI systems, ranging from simple pranks to potentially dangerous commands.
The study revealed several categories of prompt injection attacks. Some websites contained instructions attempting to vandalize users' machines, including commands designed to delete all files. Whilst researchers deemed such basic attacks unlikely to succeed, they represent a growing trend. Between November 2025 and February 2026, malicious prompt injections increased by 32%, signalling heightened interest in Indirect Prompt Injection (IPI) attacks amongst threat actors.
Amongst the examples discovered, researchers found websites using invisible text with transparent fonts to hide malicious prompts, instructing AI systems to ignore previous commands and behave erratically. Another site attempted to waste AI resources by streaming infinite text that never finished loading, potentially causing timeout errors. Some injections were more whimsical, asking AI to tell children's stories about flying squids or tweet like baby birds, likely experimental pranks by curious website authors.
Not all prompt injections were malicious. Google identified benign cases where website owners simply wanted to ensure AI summaries included relevant context for readers. However, researchers warned such techniques could easily become harmful if used to spread misinformation or redirect users to third-party sites. SEO manipulation emerged as another common use case, with businesses attempting to make AI assistants promote their services over competitors.
Perhaps most concerning were attempts at data exfiltration. A small number of prompts tried instructing AI to send sensitive information, including password files and SSH directory contents, along with system IP addresses. Fortunately, researchers noted they hadn't observed widespread deployment of sophisticated exfiltration techniques published by security researchers in 2025, suggesting attackers haven't yet scaled these methods. As AI systems become more capable and valuable targets, whilst threat actors increasingly automate operations with agentic AI, Google expects both the scale and sophistication of IPI attacks to grow significantly in the near future.
Artículos relacionados de LaRebelión:
- Google Invierte Miles de Millones en IA El Futuro
- Google Invierte 40 Mil Millones en Anthropic
- Google Lanza TPUs Para La Era Agente
- IA con fallos Agentes filtran secretos via prompt injection
- Google Negocia con Marvell para Chips de IA
Artículo generado mediante LaRebelionBOT
No hay comentarios:
Publicar un comentario