New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands
A new attack, Agent Data Injection, targets AI agents by corrupting the data they trust, leading them to perform unintended actions while still appearing to complete their assigned task. The source describes two concrete examples: asking an AI agent to summarize product reviews can result in it clicking "Buy Now" due to a single planted review; similarly, a coding assistant asked to apply a maintainer's fix from a GitHub thread can be tricked by a fake comment into executing a stranger's command. The attack does not hijack the agent's task but instead corrupts the facts the agent relies on, allowing it to continue with the job as instructed. The source does not name specific models, tools, or versions affected, nor does it provide remediation steps or exploitability conditions. The attack highlights a vulnerability in how agents process and trust external data sources.
Developers must ensure agents validate external data to prevent unintended actions.