Security Researchers Uncover Web-Based IDPI Attacks

Unit 42 at Palo Alto Networks reports in-the-wild web-based indirect prompt injection (IDPI) attacks, observed across telemetry and including a December 2025 instance that bypassed an AI ad-review system. The analysis catalogs 22 attacker payload techniques, documents intents such as data destruction and credential leakage, and warns that LLMs and agentic integrations expand the web attack surface for automated systems.
Key Points
1. Detects 22 distinct IDPI payload techniques used in real-world malicious webpages.
2. Demonstrates first observed AI ad-review evasion in December 2025, indicating escalation in attacker intent.
3. Warns that agentic LLM integrations create scalable attack surfaces, requiring web-scale detection and prompt filtering.
Scoring Rationale
Broad telemetry and a first ad-review bypass detection drive high impact, limited by vendor-specific framing and defensive focus.
