New Indirect Prompt Injection Attacks Target AI Assistants Like GitHub Copilot

Cybersecurity researchers at Forcepoint identified new indirect prompt injection (IPI) attacks targeting AI assistants, including GitHub Copilot, by embedding hidden instructions in website code. These attacks exploit the assistants' ability to process external content, manipulating their responses without direct user interaction. The technique leverages untrusted web data to execute unintended commands or exfiltrate sensitive information. No specific dates, CVE IDs, or quantitative impact metrics were disclosed in the report. The attacks highlight a growing vulnerability in AI-driven tools that integrate with web-based inputs. The findings were published by HackRead without additional technical or mitigation details.