What happened
Google DeepMind researchers published the first systematic framework mapping six categories of web-based attacks against autonomous AI agents: content injection, semantic manipulation, cognitive state (memory) poisoning, behavioural control, systemic attacks, and human-in-the-loop traps.
Why it matters
Red-teaming studies found every AI agent tested was successfully compromised at least once. The framework reveals 'Dynamic Cloaking' attacks where malicious servers detect AI agents and serve different content with embedded prompt-injection payloads invisible to human visitors.
Action needed
Security teams deploying web-browsing AI agents must implement agent-specific web content filtering, user-agent obfuscation, and output validation. Review the six attack categories against current agent deployments and update threat models accordingly.