Google researchers analyzed indirect prompt injection attempts on public websites and found an increase in malicious injections over recent months, though most were low in sophistication. Their scan of Common Crawl snapshots using Gemini and human review revealed pranks, SEO and deterrent prompts as well as malicious exfiltration and destruction attempts, with a 32% rise in malicious incidents between November 2025 and February 2026.
Key points
- Researchers scanned Common Crawl website snapshots and used Gemini plus human review to identify indirect prompt injections.
- They observed a 32% increase in malicious prompt injection attempts between November 2025 and February 2026.
- Most injections were of low sophistication and included pranks, SEO manipulations, and instructions to deter AI agents.
- Security-relevant attacks fell into exfiltration (collecting IPs/credentials) and destruction (attempts to delete files).
- Advanced exfiltration prompts were rare, but experts warn the threat is maturing and likely to grow in scale and complexity.