AI Agents Still Can't Stop Prompt Injection Attacks, Researchers Warn
Compiled by KHAO Editorial — aggregated from 1 source. See llms.txt for citation guidance.
As developers race to deploy AI agents capable of browsing the internet, conducting research, shopping online, and trading cryptocurrency autonomously, new research suggests the systems remain highly vulnerable to prompt injection attacks.
Key facts
- The team conducted 3,168 attack simulations using NanoBrowser and BrowserUse with GPT-5 and Gemini 2.5-Flash
- In a new study published on Thursday, researchers from Nanyang Technological University, ST Engineering, IBM Research, and the University of Illinois Urbana-Champaign found that none of the AI agents they tested consistently resisted prompt injection attacks
- In February, Microsoft researchers warned that hidden instructions embedded in AI summary links could influence chatbot behavior
- In April, Google documented prompt injection attacks hidden in web pages that attempted to manipulate AI agents into leaking credentials or sending payments
Summary
Researchers found AI agents powered by GPT-5 and Gemini could not resist prompt injection attacks. Direct attacks succeeded more than 79% of the time, while hidden attacks embedded in web content frequently manipulated agent behavior. The findings suggest prompt injection remains a broader security problem as AI agents become more mainstream. In a new study published on Thursday, researchers from Nanyang Technological University, ST Engineering, IBM Research, and the University of Illinois Urbana-Champaign found that none of the AI agents they tested consistently resisted prompt injection attacks.