
Hidden instructions on websites con agents into falling for scams that a human would see through.
Will a major cybersecurity firm disclose a new AI agent prompt injection vulnerability by July 31?
Resolves by Jul 31, 2026
Security testing found that autonomous AI agents can be manipulated by hidden instructions embedded in websites, a vulnerability called indirect prompt injection traps. Some of the most advanced language models fell victim to these schemes, though susceptibility varied across different models, while lower-level models sometimes performed better. The concern is significant because as AI agents become common tools for accessing the web, the content itself becomes a larger attack surface, and the fundamental architecture of transformer-based systems cannot cleanly separate untrusted content from trusted instructions when both exist in the same context window. The risk is particularly acute for agents with authorization over high-stakes business functions like procurement or financial transactions, where the damage could be far greater than the small-scale payment scams demonstrated in testing.

An AI agent carried out the technical execution of a real-world ransomware attack for the first known time, but new details show a human still chose the victim, set up the infrastructure, and supplied stolen credentials — meaning it wasn't quite the fully autonomous cybercrime debut that last week's headlines suggested.

A running look — in reverse chronological order — at the bigger tech companies that have announced significant layoffs this year with AI as a stated factor.

Anthropic quickly removed a tracker secretly monitoring Claude Code users in China after a security researcher exposed the hidden code and condemned the spyware-like tracking as a “serious breach of user trust.” Last week, a web developer known as “Thereallo” was researching privacy issues in Claude Code and was shocked to find that the AI firm was using “prompt steganography” to hide code that tracks Chinese users “in plain sight.” This code wasn’t malicious, but it was sending information to A
Want to go deeper than the news? Explore live, cohort-based AI courses taught by practitioners.
Browse AI courses on Maven