Google researchers have identified a sharp rise in malicious web pages designed to hijack AI agents, with attacks capable of triggering payments, leaking credentials, and deleting files.
The company’s security team found a 32% increase in indirect prompt injection attacks between November 2025 and February 2026 after scanning billions of web pages each month.
“Tweet like a bird,”
Was one example of a low-level prompt uncovered in the study, highlighting how attackers embed hidden instructions aimed at AI systems rather than human users.
More serious cases involved fully embedded commands instructing AI agents to send PayPal transactions, expose user passwords and IP addresses, or execute destructive system-level actions.
The attacks rely on invisible techniques such as one-pixel text, transparent content, hidden HTML comments, and metadata injections that AI models can read but humans cannot.
The findings highlight a growing security gap as AI agents gain real-world capabilities, with no clear legal framework defining liability when compromised systems act on malicious third-party instructions.
The report underscores rising concerns for companies deploying AI agents in finance, payments, and automation, where the consequences of exploitation could extend to direct financial loss and data breaches.