惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
V
Vulnerabilities – Threatpost
L
LINUX DO - 热门话题
H
Hacker News: Front Page
Hacker News - Newest:
Hacker News - Newest: "LLM"
L
Lohrmann on Cybersecurity
Cisco Talos Blog
Cisco Talos Blog
O
OpenAI News
S
Securelist
Security Latest
Security Latest
T
Threat Research - Cisco Blogs
H
Heimdal Security Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Recorded Future
Recorded Future
Microsoft Azure Blog
Microsoft Azure Blog
MyScale Blog
MyScale Blog
Webroot Blog
Webroot Blog
The Hacker News
The Hacker News
Google Online Security Blog
Google Online Security Blog
Latest news
Latest news
N
Netflix TechBlog - Medium
N
News and Events Feed by Topic
D
Docker
D
DataBreaches.Net
A
About on SuperTechFans
T
Tor Project blog
V
V2EX
G
Google Developers Blog
博客园 - Franky
N
News | PayPal Newsroom
T
The Blog of Author Tim Ferriss
I
InfoQ
H
Help Net Security
V2EX - 技术
V2EX - 技术
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Security Affairs
SecWiki News
SecWiki News
The Register - Security
The Register - Security
人人都是产品经理
人人都是产品经理
NISL@THU
NISL@THU
小众软件
小众软件
B
Blog
T
Threatpost
P
Palo Alto Networks Blog
博客园 - 【当耐特】
L
LangChain Blog
AWS News Blog
AWS News Blog
月光博客
月光博客
宝玉的分享
宝玉的分享

PYMNTS.com

BNY Names New Head for Payments/Trade Client Platform Treasury Calls for Programmable Financial Enforcement Across Crypto DeepSeek Seeks $20 Billion Valuation as Tech Giants Weigh Investment Google Accelerates Agentic AI Shift With New Enterprise Platform OpenAI Begins Briefing Governments on Cybersecurity Capabilities DeFi Security Suffers New Blow With $3 Million Volo Exploit Uninvited Users Access Anthropic’s Mythos AI Model Block and Uber Expand Partnership Across Several Global Markets OpenAI Pledges $1.5 Billion to PE Enterprise AI Project Podcast: Inside the $9 Billion DeFi Hack That’s Shaking Crypto’s Foundations Synchrony CFO Flags Momentum in Spending and Credit Banks Risk Slowing the Emerging Middle Market Firms Driving Growth Paysafe Expands Digital Wallet Availability Across 18 European Markets Bad Data Can Break Good AI in Payments 50% More Digital Shopping Days Put Parents at the Center of Retail’s Shift 65% Call Insurance Essential. Why Most Spending Isn’t So Clear-Cut Amazon Recasts Marketplace Fraud as a Broader Trust Problem Capital One’s Q1 Shifts Attention From Spending to Strategy Lawmakers Question JetBlue About Surveillance Pricing Allegations Small Businesses Stop Chasing Amazon on Delivery Speed Google Embeds AI Into Chrome for 3.5 Billion Users Adobe Plans Outcome-Based Pricing for New AI Product Suite UnitedHealth Spends $1.5 Billion on AI and Wants Double Back MiCA Forces Crypto Firms to Get Licensed or Get Out Prediction Market Kalshi Targets Crypto Perpetuals New York Sues Coinbase and Gemini Over Prediction Markets Amazon and Anthropic Deepen Ties With Investment and Hardware Pact Agentic B2B Is Here. Are Your Contracts and Invoices Ready? Apple Hardware Leader John Ternus to Succeed CEO Tim Cook OCC Enters the Interchange Fight and Raises the Stakes Amazon Dismisses New Evidence in California Antitrust Suit AI Finds Its Best Customer on Main Street Coinbase Opens Services Marketplace for Agentic Commerce Feds Start Processing $127 Billion in Tariff Refunds for Importers Payments Modernization Is Insurance’s Next Big Margin Engine How Visa Is Rewiring Bank Infrastructure for the AI Era Instant Payments Grow but the Real Barrier Is Human The Old-School Card Product Banks May Need Most 43% of SMBs Would Pay to Make Purchases in Installments The Real AI Edge in Payments Comes From Better Judgment In the Age of Agentic AI, Data Control Is Power Verizon’s Dan Schulman Tells CEOs to Be Open About AI Job Cuts Walmart Eyes Stores as Warehouse Space for Same-Day Delivery France’s CB Payments Network Aims to Take on Visa/Mastercard in EU QVC Was TikTok Shop Before TikTok Shop Loop Raises $95 Million to Bridge Supply Chain Data Gap Cursor Eyes $50 Billion Valuation as AI Coding Demand Surges Commercial Lending Rescues Regional Banks From Consumer Slowdown Anthropic and White House Aim to Make Peace in Friday Meeting Home Depot Buys SIMPL Automation to Support Same-Day Delivery The Riskiest Words in B2B: This Is How We’ve Always Done It France Urges Euro Stablecoins to Break Dollar Dependency Importers Prep for Monday Opening of Tariff Refund Portal Permitting Hurdles and Labor Shortages Threaten AI Data Center Timelines Token Freezes Force CFOs to Rethink Stablecoin Risk X Money Tests Whether Social Commerce Can Hold Consumer Deposits Anthropic Briefs EU Regulators on Mythos Cybersecurity Concerns Welcome to Vibe Ordering, ChatGPT Is Taking Your Order Now Nvidia Says AI Can Finally Make Quantum Computing Work QVC Files Chapter 11 to Slash Debt and Pursue Growth Uber Eats Lets Customers Return Their Retail Purchases Financial Officials Sound Alarm About Anthropic’s Banking Risk 71% of Billion-Dollar Firms Face Agent Identity Threats OpenAI Targets Pharma Giants With Purpose-Built AI Model California Claims Amazon Punishes Sellers for Lower Prices on Other Sites CFTC Chairman Says AI Helps Agency Run More Like a Business Global Finance Chiefs Call for Mythos Information Sharing Big Bank Earnings Show Digital Activity Drives Deposits OCC Clears JPMorgan Chase After Trade Surveillance Program Upgrade Accounts Receivable Gets an AI Upgrade BNY’s AI Strategy Signals a New Era of Platform Banking Bank of England Probes AI Threats to UK Financial Stability Rising AI Adoption Is Driving Up Enterprise Costs Google Faces EU Order to Share Search Data With Rivals Delivery Robots Lead Grab’s AI Expansion Circle Chief Says China Could Issue Stablecoin in 3 to 5 Years Amex Acquires Hyper to Boost AI and Expense Management Offerings Anthropic Ready to Offer Mythos to British Banks Issuers Face a New Reality as Credit Goes Real Time How Payments Gaps Are Limiting Deposit Growth at Community Banks AI May Run Payments but Humans Still Own the Risk 90% of Millennials Feel Pressure at the Grocery Store The New Checkout Is Where the Best Offer Wins Apple Pushes Siri Programmers to Adopt AI Coding Tools Amazon Sellers Protest Policy Changes With One-Day Ad Boycott FanDuel and DraftKings Fund $41 Million Lobbying Effort by Super PAC Live Nation Loses Antitrust Case Brought by 33 States Fed Beige Book Finds Tax Refund Relief Running Into Higher Gas Prices Anthropic’s New Design Tool Rivals Adobe and Figma Goldman Sachs Seeks SEC Approval for New Bitcoin ETF What AI-Driven Attack Chains Mean for CFOs and CISOs Healthcare’s AI Boom Moves From Bedside to Back Office Accel Prepares to Pour $5 Billion Into Global AI Breakouts Nearly 4 in 10 Financially Stressed Shoppers Choose Walmart Over Amazon Synchrony Bets on Teachers to Fix Financial Literacy Mastercard’s Mark Barnett Says the Real Currency for SMBs Is Payment Timing SoFi Uses Galileo to Power Real-Time FedNow Transfers Palo Alto Founder Eyes Liberty Bank for AI Banking Experiment Surcharge Surge Hits Consumers as Fee Fatigue Sets In Walmart CFO Says Marketplace Revenue Up 20% Over 2025
The Web Is Gaslighting AI Agents and Nobody Can Tell
PYMNTS · 2026-04-21 · via PYMNTS.com
An artificial intelligence (AI) agent finds the best price on a product and completes the purchase. It browses, selects and checks out without a human visiting a single page. Researchers say the listing it processed could have been seeded with hidden instructions, ones indistinguishable from legitimate content. Google DeepMind has published research on a new class of threat to autonomous AI agents. Researchers called them “AI Agent Traps,” instructions hidden inside ordinary web pages that agents read as commands. The research covered six distinct attack categories and applies to every major model and agent architecture. Enterprises are deploying agents across procurement, finance and commerce with no standardized defenses in place. The Web Is No Longer Neutral Input The core vulnerability is architectural. It starts with a simple difference in how humans and machines read a webpage. When a person visits a product listing, they see the price and the description. An AI agent visiting the same page reads something different. It processes the underlying code, the hidden metadata and the scripts running in the background. Those layers are never visible on screen. Attackers are now writing to them specifically to reach agents. DeepMind’s first attack class is content injection. Malicious instructions are buried in the page’s code or image files, invisible to any human reviewer. The agent reads them as part of the page and acts on them. The second class is semantic manipulation. Instead of hiding commands in code, an attacker crafts product descriptions or vendor profiles worded to steer an agent’s conclusions. It exploits the same tendency to over-weight authoritative-sounding language that affects human judgment. Palo Alto Networks’ threat research team has documented both attack types across the web. Malicious websites are already deploying hidden instructions at scale. They use techniques that fragment or encode commands to pass automated security checks. The commands remain readable to the agent. The attack surface grows every time an agent connects to a new data source. From Bad Decisions to Manipulated Decisions The consumer purchase scenario scales directly into enterprise operations. A procurement agent pulling vendor pricing from a compromised supplier site may route an order to a fraudulent vendor. It does so without producing a visible error. The agent is not malfunctioning. It is following instructions it cannot identify as malicious. A customer service agent retrieving product information from a compromised page may return fabricated details. The agent then logs the interaction as resolved. In both cases, the workflow completes normally, and nothing is flagged. The DeepMind paper documents a case in which a single manipulated email caused an agent in Microsoft’s 365 Copilot to bypass its security classifiers. The agent then exposed its full privileged context. It handed over data it was specifically configured to protect. According to Anthropic, every webpage a browser agent visits is a potential attack vector. The company said that a 1% attack success rate represents significant risk at enterprise scale. Anthropic added that prompt injection is far from a solved problem, particularly as agents take more real-world actions. New Security Layer for Agent-Driven Workflows The reason this is hard to fix is the same reason agents are useful in the first place. AI agents are designed to ingest content from the web and act on it. They do not arrive at a page with skepticism. They read everything as input. An instruction buried in a product listing looks the same to an agent as the price and the shipping date. There is no built-in mechanism to tell the difference. The DeepMind researchers identified detection, attribution and adaptation as the three requirements for an effective defense. Detecting hidden instructions requires pre-ingestion scanners. Tracing which domain introduced a manipulation requires attribution infrastructure. Keeping pace with new attack techniques requires defenses that update continuously. The DeepMind paper called for new web standards that flag content intended for AI consumption and domain reputation systems that score site reliability for agents. It also called for adversarial training built into model development from the start. The researchers noted that many of the six attack categories currently lack standardized benchmarks. Most enterprises have no way to test whether their deployed agents would withstand them. For all PYMNTS AI coverage, subscribe to the daily AI Newsletter. The post The Web Is Gaslighting AI Agents and Nobody Can Tell appeared first on PYMNTS.com.