Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

New "Agent Data Injection" Attack Can Hijack AI Agents by Misdirecting Trained Data



A new attack known as Agent Data Injection (ADI) has been identified, where malicious actors can manipulate data in AI systems to trick them into executing unintended commands. The vulnerability lies in the way these models process structured data and can be exploited by introducing specially crafted punctuation marks into fields containing trusted information.

  • Agent Data Injection (ADI) is a new attack threatening AI systems, allowing malicious actors to inject manipulated data and hijack autonomous actions.
  • The vulnerability lies in the way AI agents process data, specifically through specially crafted punctuation marks that can be used to trick models into treating them as genuine.
  • ADIs poses significant threats to web-based agents, coding assistants, and other AI-powered systems, potentially leading to unintended actions or unauthorized access.
  • The attack can be mitigated by adding random tags to field names, closely monitoring data origin, or using defense systems that block malicious inputs.



  • The world of artificial intelligence (AI) and cybersecurity has been hit with yet another significant threat in the form of a novel attack known as Agent Data Injection (ADI). This latest development, recently disclosed by researchers from Seoul National University, the University of Illinois Urbana-Champaign, and Largosoft, poses a substantial risk to AI systems designed to carry out various tasks autonomously. ADI is an advanced form of attack where malicious actors inject manipulated data into AI models, leading them to misdirect their actions or execute unintended commands.

    The vulnerability lies in how these sophisticated AI agents process data. Unlike traditional computer systems, which categorize inputs as either instructions or regular information, AI agents discern between the two by examining a specific type of punctuation used within structured data. When malicious actors introduce specially crafted punctuation marks into fields that contain trusted data, such as sender names or button IDs, they can fool these models into treating them as genuine and thus allow the attacker to hijack the agent's actions.

    One significant threat associated with this attack is its potential impact on web-based agents. By injecting a fake review into an e-commerce platform, for instance, an attacker could trick an AI-powered search engine like Claude in Chrome or Google's Antigravity into clicking on a "Buy Now" button instead of the intended "Read More" option. This can lead to unintended purchases or even unauthorized access.

    Another pressing concern is the risk posed by coding assistants such as Claude Code, OpenAI's Codex, and Google's Gemini CLI. In these scenarios, attackers can create fake comments that mimic those from legitimate developers or project maintainers. As a result, an AI-powered coding assistant might apply changes based on the erroneous feedback, potentially running malicious commands on users' computers.

    The researchers behind this discovery have tested their findings with real-world tools and report a high success rate for ADI attacks against various models across these platforms. However, certain countermeasures can mitigate or even prevent such attacks. For example, adding random tags to field names can deter the attackers from succeeding, while defense systems that closely monitor data origin can entirely block malicious inputs.

    The emergence of this new attack highlights a broader issue: the need for more robust cybersecurity measures designed specifically with AI in mind. This includes not just blocking malicious code but also preventing manipulation of trusted data and ensuring transparency around how AI models process user input. As our reliance on intelligent machines continues to grow, it is crucial that we keep pace with these developments by developing safeguards that protect against sophisticated threats like ADI.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/New-Agent-Data-Injection-Attack-Can-Hijack-AI-Agents-by-Misdirecting-Trained-Data-ehn.shtml

  • https://thehackernews.com/2026/07/new-agent-data-injection-attack-can.html


  • Published: Thu Jul 16 07:53:12 2026 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us