cd /news/ai-safety/prompt-injection-is-becoming-the-xss… · home topics ai-safety article
[ARTICLE · art-63215] src=helpnetsecurity.com ↗ pub= topic=ai-safety verified=true sentiment=↓ negative

Prompt injection is becoming the XSS of the web agent era

Researchers at UC Berkeley have identified a new vulnerability called Cross-Site Prompting (XSP), which allows malicious content on web pages to hijack autonomous web agents by injecting prompts. Their system, Prismata, acts as a safeguard between agents and web content, mirroring the threat model of Cross-Site Scripting (XSS) in the era of web agents.

read1 min views1 publishedJul 17, 2026

Autonomous web agents read whatever a page displays, and much of that content comes from strangers. Product reviews, seller listings, and advertisements sit beside trusted site menus on a single page. An agent that reads all of that text as instructions can be steered by any of it. A group at UC Berkeley describe Cross-Site Prompting, or XSP, as the agent-era version of Cross-Site Scripting. Their system, Prismata, sits between a web agent and the … More

The post Prompt injection is becoming the XSS of the web agent era appeared first on Help Net Security.

── more in #ai-safety 4 stories · sorted by recency
── more on @uc berkeley 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/prompt-injection-is-…] indexed:0 read:1min 2026-07-17 ·