Zscaler says malicious websites are using indirect prompt injection to influence autonomous AI agents, including campaigns tied to crypto-payment and fake DeFi decisions. SecurityWeek and SC Media reported July 6-7, 2026, that Zscaler found hidden prompts, SEO manipulation, and fake trust signals designed to steer agents that browse the open web. The practical issue is authority: an agent that can read untrusted pages and also make payments, install packages, or call business tools needs browser isolation, source-trust checks, and human approval for irreversible actions. This is a web-content risk, not only a prompt-engineering bug.
CISA Uses Anthropic Mythos to Audit Federal Code