Definition
Plain language
Hiding instructions for an AI inside content it reads — a webpage, a file — so it follows them without realizing.
As stated in the literature
An attack where adversarial instructions are placed in content the agent retrieves at runtime, causing it to treat external text as if it were user instructions.
Also called: indirect prompt injection
Why it matters: It's a leading security risk for tool-using agents, because any content the agent reads becomes a potential channel for an attacker to control it.
For example, an AI assistant summarizing a webpage might silently follow hidden instructions in the page text telling it to email the user's contacts.