Covert operation delivers tainted web pages specifically to artificial intelligence agents
In a recent development, a researcher named Shaked Zychlinski has highlighted a new and stealthy attack on AI agents known as the "parallel-poisoned web" attack. This attack, which exploits the core function of AI agents to turn them into weapons against their users, has been tested successfully on various AI systems, including Anthropic's Claude 4 Sonnet, OpenAI's GPT-5 Fast, and Google's Gemini 2.5 Pro.
The attack works by tricking AI agents into performing malicious actions, such as grabbing sensitive information or installing malware, through hidden adversarial prompts on cloaked websites that are invisible to humans and standard security crawlers. The malicious prompts are served only to AI agents, and the attack relies on browser fingerprinting to identify them.
Zychlinski emphasizes the need for a new generation of defenses for agentic AI. He suggests that securing the future of these systems will require a variety of countermeasures, such as monitoring systems, anomaly detection, and robust verification methods. One possible solution is to split AI agents into two roles: a planner (the brain) that does not directly interact with risky data coming from the web, and a sandboxed executor that browses web pages, clicks on links, etc., and meticulously sanitizes any content sourced from the web before passing it to the planner.
Another countermeasure is to use device honeypot AI agents that will flag indirect prompt injections by websites. Additionally, to protect AI agents against this type of attack, the "fingerprints" of their browsing sessions will need to be obfuscated or made similar to those initiated by humans.
Zychlinski's findings serve as a call to action for the cybersecurity community to address the growing threat of malicious attacks on AI agents. His work underscores the importance of developing new defensive strategies to safeguard the integrity and security of AI-powered systems. The researcher's findings also highlight the need for improved security measures to protect AI agents from attacks like the "parallel-poisoned web" attack.
