Attack  ·  Glossary

Zero-click prompt injection

Zero-click prompt injection is a version of prompt injection (hiding malicious instructions where an AI will read and obey them) that requires no click, approval, or action at all from the human user — the attack triggers automatically the moment the AI processes the poisoned content. This removes the 'human in the loop' safety net that many organizations rely on as a last line of defense.
Executives who assume a human approval step protects them from AI manipulation need to know that some attacks now bypass that safeguard entirely, requiring technical controls instead of user vigilance.
Track this in the live feed See how this plays out in real AI security and governance developments.
Open the feed →