Zscaler Flags 4 of 26 LLMs as Vulnerable to Prompt Injection Traps
Updated
Updated · InfoWorld · Jul 7
Zscaler Flags 4 of 26 LLMs as Vulnerable to Prompt Injection Traps
3 articles · Updated · InfoWorld · Jul 7
Summary
Zscaler’s internal validation found 4 of 26 tested LLMs failed indirect prompt-injection checks, while 3 models were classified safe, underscoring that susceptibility varies sharply by model and context.
Hidden instructions embedded in websites could steer autonomous agents into actions such as paying a fake $3 developer fee, showing how untrusted web content can manipulate agent behavior behind the scenes.
Tribeca Softtech’s Aman Mahapatra said the bigger risk is architectural: transformer-based systems cannot cleanly separate trusted instructions from untrusted content in the same context window, leaving procurement, onboarding and trading agents exposed.
Digital 520’s Noah Kenney cautioned the safe-vulnerable split is only a point-in-time snapshot because agent behavior can shift as models update, making binary classifications too simplistic for CISOs.
Security advisers said agentic AI creates new trust boundaries and resembles an insider-threat problem, as tools with broad inherited permissions can act on manipulated information without human skepticism.
If AI agents fall for simple online scams, how can we trust them with critical decisions?
Can AI ever be architecturally designed to distinguish trusted commands from malicious data?
Are your company's AI agents secretly controlled by instructions hidden on the web?
Indirect Prompt Injection Attacks Surge in 2026: How AI Agents Are Being Weaponized and What Organizations Must Do Now
Overview
In July 2026, attackers began targeting AI agents—now a primary way people interact with the internet—through indirect prompt injection (IPI) campaigns. Zscaler's ThreatLabz discovered that ordinary web pages are being transformed into tools for attack, feeding false instructions directly into AI systems and automated tools. Attackers use search engine optimization (SEO) poisoning to push their malicious websites high in search results, making them appear legitimate. These deceptive sites then deliver hidden commands to AI agents, showing how cybercriminals are adapting their tactics as AI becomes more central to online activity.