Back to feed
Dev.to
Dev.to
5/8/2026
Prompt injection through website content: how AI agents can be manipulated by the pages they visit

Prompt injection through website content: how AI agents can be manipulated by the pages they visit

Short summary

AI agents like ChatGPT, Claude, Perplexity, and Gemini read full HTML when visiting pages—including content hidden via CSS (display:none), alt-text, comments, and SVG—creating a new threat surface for indirect prompt injection. Attackers can embed instructions to manipulate AI outputs without direct user contact. Traditional security scanners ignore hidden content; defense requires DOM-aware pattern detection, multi-agent crawling to identify divergent responses, and threat model documentation.

  • AI agents read full DOM including hidden content invisible to humans, enabling indirect prompt injection attacks
  • Six attack vectors identified: hidden CSS, alt-text, HTML comments, SVG text, user-agent detection, markdown rendering
  • Defenders need multi-agent crawling, DOM-aware pattern detection, and threat model documentation—major tooling gap

Generated with AI, which can make mistakes.

#ai-agents#ai-tools#regulation-policy
Read full article at Dev.to

Is this a good recommendation for you?

Explore more

The web is now weaponized against your AI agents
Dev.to
I Broke AI Systems for a Living. Here’s How Attackers Actually Do It.
Dev.to
OWASP Top 10 for LLMs: A Practitioner’s Implementation Guide
Dev.to
OWASP Agentic Top 10 in Next.js — Mitigation Patterns for Each Risk (2026)
Dev.to