Are AI agents already facing Indirect Prompt Injection attacks? Google's Threat Intelligence teams searched for known attacks that would target AI systems browsing the web, using Common Crawl's repository of billions of pages from the public web).

We observed a number of websites that attempt to vandalize the machine of anyone using AI assistants. If executed, the commands in this example would try to delete all files on the user's machine. While potentially devastating, we consider this simple injection unlikely to succeed, which makes it similar to those in the other categories: We mostly found individual website authors who seemed to be running experiments or pranks, without replicating...