Unveiling AI Agent Vulnerabilities Part III: Data Exfiltration - TrendMicro
Multi-modal AI agents are susceptible to indirect prompt injection, where hidden instructions in external sources like images or documents can trigger sensitive data exfiltration without user interaction. This vulnerability, demonstrated by the Pandora PoC, allows malicious payloads embedded in files like MS Word documents to execute code and transmit confidential information to external command-and-control servers.
Source: Original Report