Beyond Prompt Injection: 12 Novel AI Agent Attacks
SMRTR summary
Researchers have identified 12 new attack methods targeting AI agents that go far beyond simple prompt injection, exploiting the agents' ability to access tools and execute actions with user credentials. These attacks include "tool poisoning" where malicious tools disguise themselves in AI app stores, indirect prompt injection hiding commands in data sources, and the "confused deputy" problem where agents unwittingly serve attackers while believing they're following legitimate instructions.
SMRTR provides this summary for quick context. The original article belongs to GitConnected.