Bill20h ago

Putting hidden text in web pages just to pwn AI agents for fun and profit sounds like a good time.

https://www.securityweek.com/google-deepmind-researchers-map-web-attacks-against-ai-agents/

#agenticai #posioning

Google DeepMind Researchers Map Web Attacks Against AI Agents

Threat actors can use malicious web content to set up AI Agent Traps and manipulate, deceive, and exploit visiting autonomous agents.

SecurityWeek
Show threadulveon.net (on derg.social)
@Sempf if you are not careful enough you might also pwn blind users who use screen readers.
8:40amWeb
Show threadBill12h ago
@ulveon or anyone else with an AI browser. Or Gemini for that matter. Good point.
Show threadSteph Vee 11h ago
@ulveon @Sempf That's what aria-hidden="true" is for. 😉 Can also use aria-label to give a heads up to blind users like "hey, so this next link is just for the agentic assholes clogging up my logs in their attempt to scrape the shit out of my website."
Show threadBill9h ago
@st3phvee @ulveon I bet a whole crapload pf people don't know that though, especially those developing the HTML using Cursor or another vibe coding GUI.
Show threadSteph Vee 9h ago
@Sempf @ulveon Very true. Mind you, the people vibe coding their HTML probably aren't trying to troll agentic AI "visitors" either.