Google's Threat Intelligence teams conducted a broad scan of the public web using Common Crawl to assess real-world indirect prompt injection (IPI) activity. They found that while IPI attacks exist in the wild, current sophistication is low — most instances are harmless pranks, SEO manipulation attempts, or basic experiments rather than advanced exploits. Categories observed include helpful guidance, SEO abuse, AI-deterrence traps, data exfiltration attempts, and destructive commands. Critically, malicious detections grew 32% between November 2025 and February 2026, signaling a maturing threat. Google warns that as AI agents become more capable and attack automation lowers costs, IPI attacks will likely increase in both scale and sophistication.
Table of contents
The landscape of IPI on the webThe challenge of false positivesWhat does this mean?Sort: