🛡 A new class of attacks on AI agents — Agent Data Injection (ADI)

Researchers from SNU have presented the ADI method, which masks malicious instructions as trusted metadata or context. This allows bypassing current defense mechanisms and forcing agents to perform unauthorized actions.

🌍 An architectural flaw has been identified: the lack of isolation between system and external data. Current Prompt Injection defense methods are ineffective against ADI.

👤 If you use browser or coding agents, remember: ordinary content on websites can be used to deceive the agent and perform actions on your behalf.

Source 1: https://compsec.snu.ac.kr/blog/agent-data-injection Source 2: https://arxiv.org/abs/2607.05120