{"data":{"id":"5e439ced-b6d0-4a63-beef-9e4ace96f5f6","title":"Prompt Injection Attacks Trick AI Agents Into Making Crypto Payments","summary":"Threat actors are using prompt injection attacks (tricking an AI by hiding instructions in its input) embedded in malicious websites and search results to trick AI agents into making cryptocurrency payments or trusting fake platforms. Researchers at Zscaler found two campaigns: one hiding payment instructions in a fake Python library website using SEO poisoning (manipulating search rankings with keyword-stuffed content), and another impersonating DeBank, a cryptocurrency platform. When tested on 26 different language models, four were successfully tricked into making payments, while two misidentified the fraudulent website as legitimate.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://www.securityweek.com/prompt-injection-attacks-trick-ai-agents-into-making-crypto-payments/","publishedAt":"2026-07-06T11:19:47.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","rag_poisoning"],"issueType":"news","affectedPackages":null,"affectedVendors":["Meta","Google","Anthropic","OpenAI"],"affectedVendorsRaw":["Llama 3.3","Llama 3.2","Gemini 3 Flash","Gemini 2.5 Pro","Claude Sonnet 4.5","GPT-5.4","DeBank"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-07-06T11:19:47.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}