The web is being weaponized against your AI agents. And the attack is hiding in plain sight.

The web is being weaponized against your AI agents. And the attack is hiding in plain sight.

It is called indirect prompt injection. Attackers embed hidden instructions inside ordinary web pages. Hidden from casual view using trivial tricks: white text on a white background, a font shrunk to a single pixel, or content embedded in markup. A human can find them by inspecting the page source. But no casual reader ever will. AI agents often process content that humans would never see.

When your agent browses that page, it may follow or act on those instructions if not properly constrained. No malware. No phishing email. Just a webpage your agent visited.

Researchers at Google and security firm Forcepoint have documented real-world and emerging cases of these attacks. The payloads range from harmless pranks to financial fraud and data exfiltration. Forcepoint reported a 32% increase in observed malicious activity over a three-month period between November 2025 and February 2026.

The threat scales with what your agent can do. An agent that only summarizes content is low risk. An agent that sends emails, executes commands, or processes payments is a high value target.

If you are deploying AI agents in your business, ask your team three questions this week. What web content can your agents access? What actions can they take autonomously? And what guardrails prevent them from executing instructions they were never meant to receive?

AI agents are powerful precisely because they act. That is also what makes them dangerous without proper controls. Security guardrails are a Day 1 requirement.