AI agents can inadvertently leak sensitive company data via web searches. Research shows attackers can manipulate webpages with hidden instructions, leading agents to retrieve and transmit confidential information without users realizing it. The model's normal operations mask the attack, which does not require direct manipulation or special access. Varied success rates across 1,068 attack attempts highlight that training practices matter more than model size. Existing defenses often overlook this indirect method, emphasizing the need for robust security measures and monitoring. Organizations must treat AI agents as risky software and establish strict control over their operations.
https://www.helpnetsecurity.com/2025/10/29/agentic-ai-security-indirect-prompt-injection/