Security Researchers Uncover Web-Based IDPI Attacks

Unit 42 at Palo Alto Networks reports in-the-wild web-based indirect prompt injection (IDPI) attacks, observed across telemetry and including a December 2025 instance that bypassed an AI ad-review system. The analysis catalogs 22 attacker payload techniques, documents intents such as data destruction and credential leakage, and warns that LLMs and agentic integrations expand the web attack surface for automated systems.