216.73.216.169

Indirect Prompt Injection in Web Content Targets AI Agents

· Published 02/07/2026 22:39

Export JSON

Essential information

Published
02/07/2026 22:39
Modified
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
ai agents cryptocurrency scam indirect prompt injection ipi llm manipulation payment fraud seo poisoning typosquatting
Related entities
11 indicators, 11 observables, 16 techniques (mitre)

Description

are increasingly vulnerable to (IPI) attacks, where malicious instructions are embedded in web content to manipulate AI-driven workflows. Two campaigns were identified that combine with CSS/HTML abuse to influence AI decision-making. The first campaign uses fake API documentation to trick into making fraudulent payments for a fake Python library, incorporating hidden instructions in JSON-LD and CSS-concealed content directing payment of $3.00 via Stripe or approximately 0.0012 ETH to attacker wallets. The second campaign employs to impersonate DeBank, a cryptocurrency portfolio tracker, embedding hidden prompts to make the fraudulent site appear as an authoritative source. Testing across 26 LLMs revealed 4 models were vulnerable to the payment scam and 2 models misclassified the site, demonstrating measurable real-world impact.

External references