I recently set up an agent to scan and summarize industry headlines for me. A relatively straightforward AI use case these days.

Looking at the reasoning trace today, I see at least 2 prompt injection attacks on the agent below. It’s a bit amusing to see Claude shrug these off and keep going with the real work, but it’s disconcerting to get a small glimpse at the number of tricks and traps that are being set up to try to ensnare this new cohort of agents.

Stay safe out there agents.