DOM Poisoning Expands the AI Agent Attack Surface

DOM Poisoning Expands the AI Agent Attack Surface


DOM Poisoning Expands the AI Agent Attack Surface

Zscaler ThreatLabz documented two campaigns using hidden prompt instructions in website DOM elements to manipulate AI agents. The observed sites combined SEO poisoning, JSON-LD metadata, off-screen CSS text, and typosquatting to feed malicious directives to scrapers and LLM-based tools, including payment instructions and false authority signals. The technique is outlined in DOM poisoning research published on 3 July.

The cases show that AI agents parsing web content can be steered by invisible page elements that do not affect human users. Operationally, this turns search ranking, structured metadata, and retrieval pipelines into a single attack chain against automated troubleshooting, coding, and DeFi-related workflows.

️ Open sources - closed narratives

@sitreports

Source: Telegram "sitreports"

Report Page