As autonomous AI agents rapidly enter business workflows, security teams face a new and often overlooked threat: indirect prompt injection (IPI). Unlike direct attacks, IPIs hide malicious instructions inside ordinary content — emails, documents, HTML, or even images — causing AI agents to unknowingly execute harmful actions. This emerging attack class has already demonstrated its ability to trigger data leaks, fraudulent transactions, and unauthorized tool use without any explicit malicious prompt.
Radware’s latest research report shows how serious the risk has become — and how effective dedicated AI‑layer defenses can be. In extensive evaluations across two rigorous adversarial datasets, Radware’s AI Agent Protection blocked roughly 95% of all IPI attacks, including highly stealthy, zero‑click techniques.
The solution performed strongly on both:
- AgentDojo Benchmark – a wide range of known prompt‑injection techniques across multiple business domains, achieving a 95.7% detection rate.
- The Gauntlet Challenge – Radware’s own set of advanced, novel, multi‑step, and multimodal IPI attacks, with a 95.4% detection rate.
Across both datasets, the protection layer acted as a real‑time sentinel — analyzing the agent’s context, monitoring tool usage, and blocking suspicious actions before they were executed.
Bottom line: IPI attacks are no longer theoretical. Radware’s findings show that with the right protection in place, organizations can confidently adopt agentic AI without exposing themselves to this new class of AI‑native threats.