Google Reports 32% Surge in Prompt Injection Attacks

Google’s latest research reveals a significant 32% increase in malicious prompt injection attempts over the past four months, moving this threat from theoretical discussions to real-world impact. “Cyber Updates - Asher Tamam” highlights that the more insidious threat now is Indirect Prompt Injection, where attackers embed malicious commands within legitimate websites or emails. When an AI agent, such as Gemini or Copilot, accesses these compromised sources to summarize content, the hidden command activates, taking control of the AI session.

While some initial incidents involved pranks or SEO manipulation, Google has observed a rise in genuine exfiltration attempts, aiming to steal personal information from AI conversations. Even more concerning, “Cyber Updates - Asher Tamam” notes instances where attackers successfully executed commands to delete files within systems. This signifies a dangerous evolution: as AI agents gain more browsing capabilities and operational permissions, the internet effectively becomes a minefield of invisible, weaponized text.

This isn’t just a new attack vector; it’s a fundamental backdoor built into seemingly innocuous data. The attacker’s calculus is clear: leverage the AI’s trust in its data sources to bypass traditional security controls and directly manipulate its actions or extract sensitive data.