AI/ML, Phishing

Agentic AI threatened by new PromptFix attacks

Artificial intelligence agents could be deceived into executing malicious tasks through the new PromptFix attack technique, a ClickFix variant that involves prompt injections, reports Infosecurity Magazine.

Using PromptFix, Guardio Labs researchers posing as scammers sent a bogus message linking to recent blood test results and were able to trick the AI agent into clicking a button to solve a CAPTCHA prompt it encountered. "In our controlled demo, the button downloaded a harmless file. Still, it could just as easily have been a malicious payload, triggering a classic drive-by download and planting malware on the human's machine without their knowledge," said researchers, who noted that threat actors could harness PromptFix to compromise cloud storage accounts and personal information. Menlo Security Chief Security Architect Lionel Litty cited the findings to emphasize the gullibility of agentic AI. "In an adversarial setting, where an AI agent may be exposed to untrusted input, this is an explosive combination. Unfortunately, the web in 2025 is very much an adversarial setting," Litty added.
