- What: Malicious actors weaponized indirect prompt injection attacks against AI assistants
- Impact: Hidden code on websites enabled attacks on AI tools like GitHub Copilot
AI/ML, Threat Intelligence

AI agents weaponized through indirect prompt injection intrusions

April 24, 2026, by SC Staff

HackRead reports that hidden website code has been tapped to facilitate indirect prompt injection (IPI) attacks against AI assistants, such as GitHub Copilot and Claude Code.

Malicious actors have weaponized HTML comments, metadata tags, 1px fonts, and transparent colors, as well as accessibility layers, to successfully conceal IPI attack-enabling code across multiple websites, findings from a Forcepoint analysis showed. Hidden commands in the "faladobairro[.]com," "perceptivepumpkin[.]com," and "thelibrary-welcome[.]uk" websites allowed backup folder deletion, illicit delivery of $5,000 through PayPal.me, and forced exposure of a secret API key, respectively. Other websites carried malicious invisible code that led to denial-of-service compromise, traffic hijacking, and SEO manipulation.

"Unlike direct prompt injection, where a user sends malicious input to a model, IPI hides adversarial instructions inside ordinary web content. When an AI agent crawls or summarizes a poisoned page, it ingests those instructions and executes them as legitimate commands, with no indication that anything went wrong," said Forcepoint researchers.
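The following added example (not code from Forcepoint, HackRead or SC Media) shows one way an ingestion pipeline could separate rendered text from the concealment channels listed above before page content reaches an agent. The inline-style patterns and the choice of `aria-label`/`aria-description` as accessibility carriers are assumptions, and the sample HTML is constructed.

```python
import re
from html.parser import HTMLParser

# Assumed inline-style forms of the "1px font" and "transparent color" tricks.
HIDDEN_STYLE = re.compile(
    r"font-size\s*:\s*(?:0*\.\d+|[01])(?:px)?(?![\w.])|(?<![-\w])color\s*:\s*transparent",
    re.I)
VOID = {"meta", "br", "img", "input", "link", "hr", "area", "base", "col",
        "embed", "source", "track", "wbr"}
ARIA = ("aria-label", "aria-description")  # assumed accessibility-layer carriers

class HiddenTextScanner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.visible, self.findings = [], []
        self.stack = []  # one bool per open element: inside hidden styling?

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("content"):
            self.findings.append(("meta", a["content"]))
        for name in ARIA:
            if a.get(name):
                self.findings.append((name, a[name]))
        if tag not in VOID:  # void elements never get an end tag
            inherited = bool(self.stack and self.stack[-1])
            self.stack.append(inherited or bool(HIDDEN_STYLE.search(a.get("style", ""))))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_comment(self, data):
        if data.strip():
            self.findings.append(("comment", data.strip()))

    def handle_data(self, data):
        text = data.strip()
        if text:
            hidden = bool(self.stack and self.stack[-1])
            (self.findings if hidden else self.visible).append(
                ("hidden-style", text) if hidden else text)

def split_page(html):
    """Return (visible_text, findings); only visible_text should reach the model."""
    s = HiddenTextScanner()
    s.feed(html)
    s.close()
    return " ".join(s.visible), s.findings

# Constructed sample page; the *-PAYLOAD strings stand in for hidden instructions.
SAMPLE = ('<head><meta name="description" content="META-PAYLOAD"></head><body>'
          '<!-- COMMENT-PAYLOAD --><p style="background-color: transparent">Visible intro.</p>'
          '<span style="font-size:1px">TINY-PAYLOAD</span>'
          '<div style="color: transparent"><b>CLEAR-PAYLOAD</b></div>'
          '<a href="#" aria-label="ARIA-PAYLOAD">Read more</a><p style="font-size:12px">Footer</p></body>')
```

Hiding applied through external stylesheets or scripts is invisible to a parser like this and needs a rendering engine to detect; findings are best logged for review rather than silently dropped.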