Threats Tagged 'ai agents'
View all threats tagged with 'ai agents'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'ai agents'
Click on any threat for detailed analysis and mitigation recommendations
Indirect Prompt Injection in the Wild: 10 IPI Payloads Found 0 X-Labs researchers discovered 10 verified Indirect Prompt Injection (IPI) payloads deployed across live web infrastructure. Unlike direct prompt injection where users send malicious input to AI models, IPI hides adversarial instructions inside ordinary web content. When AI agents crawl or summarize poisoned pages, they ingest and execute these instructions as legitimate commands. The discovered payloads span financial fraud, data destruction, API key exfiltration, and denial-of-service attacks. Attackers employ techniques including CSS invisibility, HTML comments, accessibility attribute abuse, meta namespace spoofing, and system prompt tag impersonation. The shared injection templates across multiple domains suggest organized tooling rather than isolated experimentation. Observed attack intents include unauthorized financial transactions, terminal command execution, content suppression, traffic hijacking, and sensitive information leakage, targeting AI systems that browse web pages, index content for RAG ... Join the discussion | AlienVault OTX General | 04/23/2026, 09:02:19 UTC Added: 04/23/2026, 14:21:34 UTC |
Web-Based Indirect Prompt Injection Observed in the Wild: Fooling AI Agents 0 This article analyzes real-world instances of indirect prompt injection (IDPI) attacks targeting AI agents and large language models integrated into web systems. The researchers identify 22 distinct techniques used by attackers to embed malicious prompts in webpages, including visual concealment, obfuscation, and dynamic execution methods. They categorize attacker intents ranging from low-severity disruptions to critical data destruction attempts. Notable findings include the first observed case of AI-based ad review evasion and attempts at search engine optimization manipulation. The article presents a taxonomy of web-based IDPI attacks and provides insights into attack trends based on telemetry data. The researchers emphasize the need for proactive, web-scale defenses to detect IDPI and distinguish between benign and malicious prompts. Join the discussion | AlienVault OTX General | 03/03/2026, 15:42:04 UTC Added: 03/03/2026, 16:47:25 UTC |
Hundreds of Malicious Crypto Trading Add-Ons Found in Moltbot/OpenClaw 0 Almost 400 fake crypto trading add-ons in the Moltbot/OpenClaw AI assistant project have been discovered, potentially leading users to install information-stealing malware. These add-ons, known as skills, masquerade as cryptocurrency trading automation tools and target various platforms. The malicious skills share the same command-and-control infrastructure and use social engineering to convince users to execute commands that steal crypto assets. The supply chain attack relies on social engineering and lacks security review in the skills publication process. Security experts warn about the inherent risks of endpoint-native AI agents and emphasize the need for proper security controls and architectural design considerations. Join the discussion | AlienVault OTX General | 02/04/2026, 11:13:49 UTC Added: 02/05/2026, 11:15:28 UTC |
Showing 1 to 3 of 3 results