AI-Enhanced Assaults Potentially Boost Perilous AI Influence

In the ever-evolving digital landscape of 2025, a new threat has emerged, one that exploits the very technology designed to make our lives easier. Researchers at Guardio have uncovered a new variant of the ClickFix social engineering technique, dubbed "PromptFix," which targets agentic AI agents, potentially putting users at risk.

According to Lionel Litty, chief security architect at Menlo Security, AI agents can be both gullible and servile, a vulnerability that attackers can exploit. The AI treats instructions as commands due to its inability to fully distinguish between instructions and regular content. This lack of context awareness and over-trusting nature can have serious consequences.

In an adversarial setting, an AI agent exposed to untrusted input can be an explosive combination, as per Litty's statement. The security vendor warns that an attacker could gain control of your AI, and by extension, of you.

The consequences of these attacks are stark. Scams no longer need to trick humans, only the AI. In a test scenario, PromptFix caused a drive-by download attack by making the AI click a button. Guardio successfully tricked the AI-powered browser Comet into buying an item from a scam e-commerce site. Similar techniques could be used to send emails containing personal details, grant file-sharing permissions to cloud storage accounts, or execute other potentially malicious actions.

PromptFix tricks agentic AI into performing malicious actions using prompt injection. The attacker presents instructions to the AI agent inside an invisible text box. The technique misleads the AI using methods borrowed from human social engineering.

This phenomenon is referred to as "Scamlexity," a new era of scams where AI convenience collides with a new, invisible scam surface. The web in 2025 is considered an adversarial setting, as per Litty's statement.

It is important to note that the company exploiting the security vulnerability in agentic artificial intelligences and developing PromptFix has not been publicly identified. However, the revelation of this threat serves as a stark reminder of the need for continuous vigilance and the development of robust AI security measures.

As we continue to rely on AI for convenience and efficiency, it is crucial to ensure that these tools do not become a gateway for malicious activities. The rise of Scamlexity underscores the need for a proactive approach to AI security, safeguarding both our digital and personal assets in the face of this new threat.