HackerTrans
TopNewTrendsCommentsPastAskShowJobs

tanbablack

no profile record

comments

tanbablack
·4 miesiące temu·discuss
Really like the content negotiation approach. Serving clean markdown via Accept headers has a nice security side benefit too. agents that receive structured markdown don't need to parse raw HTML, which is exactly where indirect prompt injection payloads hide.

Unit42's March 2026 research found 22+ techniques used in the wild to embed hidden instructions in HTML — zero-font CSS, invisible divs, dynamic JS injection. If more sites adopted this pattern and agents preferred the markdown path, a whole class of web-based IDPI attacks would be bypassed by design.
tanbablack
·4 miesiące temu·discuss
Great writeup. Attackers are also "optimizing content for agents" — just with malicious intent.

Unit42 published research in March 2026 confirming websites in the wild embedding hidden instructions specifically targeting AI agents. Techniques include zero-font CSS text, invisible divs, and JS dynamic injection. One site had 24 layered injection attempts.

The same properties that make content agent-friendly (structured, parseable, in the DOM) also make it a perfect delivery mechanism for indirect prompt injection.
tanbablack
·4 miesiące temu·discuss
This is a really important area to tackle. secret management for AI agents is something most teams are ignoring right now.

One adjacent risk worth noting: the URLs these agents visit during research. Even with proper secret management, if an agent browses a poisoned page during research, the injected instructions could override its behavior before secrets ever come into play.
tanbablack
·4 miesiące temu·discuss
Interesting approach. This made me think about layering URL-level reputation checks alongside prompt-level scanning. Unit42's March 2026 research found 11 domains actively hosting hidden IDPI payloads in the wild — things like zero-font CSS instructions and JS-injected fork bombs.

A pre-browse check against known hostile domains could complement prompt-level detection nicely, catching threats before content even reaches the proxy.