These attacks exploit the fact that AI agents browse, click, and act on behalf of users: attackers bypass browser isolation controls (same-origin policy), trick agents into harmful actions via fake prompts or lures (agent-phishing), or impersonate trusted AI brands to steal credentials (AI brand spoofing). Together they show how social-engineering and web-security weaknesses are being repurposed to manipulate autonomous agents rather than humans.
Glossary topic
Agent-targeted attack surface: injection, phishing and browser exploitation