Zscaler Finds Prompt Injection Campaigns Targeting AI Agents Zscaler discovered malicious websites using indirect prompt injection to manipulate autonomous AI agents, including campaigns tied to crypto-payments and fake DeFi decisions. The attacks exploit agents that browse the open web, requiring browser isolation, source-trust checks, and human approval for irreversible actions. Zscaler says malicious websites are using indirect prompt injection to influence autonomous AI agents, including campaigns tied to crypto-payment and fake DeFi decisions. SecurityWeek and SC Media reported July 6-7, 2026, that Zscaler found hidden prompts, SEO manipulation, and fake trust signals designed to steer agents that browse the open web. The practical issue is authority: an agent that can read untrusted pages and also make payments, install packages, or call business tools needs browser isolation, source-trust checks, and human approval for irreversible actions. This is a web-content risk, not only a prompt-engineering bug.