Notion AI Agents Exposed to Prompt Injection Risk, Concealed PDFs Can Lead to Leakage of Sensitive Data

BlockBeats News, September 22nd: According to AI researcher Abi Raghuram, Notion's newly released AI Agents are vulnerable to prompt injection. Attackers can embed invisible text (e.g., in a white font) in files such as PDFs. When the user hands the file to the Agent for processing, the Agent may read the hidden prompt and execute its instructions, thereby sending sensitive information to an external address.

The researcher pointed out that such attacks often leverage social engineering techniques such as masquerading as authority figures, creating a sense of urgency, and providing false security assurances to increase success rates. Experts recommend increasing vigilance: avoid uploading PDFs/files of unknown origin to the Agent, strictly limit the Agent’s external network and data export permissions, perform steganography removal/cleansing and manual review of suspicious files, and require the Agent to display a clear confirmation prompt before external submission to reduce the risk of sensitive data leakage.
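As a sketch of the file-cleansing step recommended above, the following added example (not code from the article, the researcher or Notion) scans a PDF page content stream for text drawn with a white fill or with the invisible text render mode, so it can be sent to manual review before an Agent sees it. It assumes the stream is already decompressed, the page background is white, and strings use a single-byte encoding; `find_hidden_text` and the sample stream are constructed for illustration.

```python
import re

# Tokens of a decompressed PDF content stream: literal/hex strings, brackets, everything else.
TOKEN = re.compile(rb"\((?:\\.|[^\\()])*\)|<[0-9A-Fa-f\s]*>|[\[\]]|[^\s\[\]()<>]+")
NUM = re.compile(rb"[-+]?(?:\d+\.?\d*|\.\d+)")
WHITE = 0.95  # assumed threshold; the page background is assumed to be white

def _text(tok):
    """Decode a string operand, assuming a single-byte font encoding."""
    if tok.startswith(b"("):
        return re.sub(rb"\\([()\\])", rb"\1", tok[1:-1]).decode("latin-1")
    if tok.startswith(b"<"):
        digits = re.sub(rb"\s", b"", tok[1:-1])
        return bytes.fromhex((digits + b"0" * (len(digits) % 2)).decode()).decode("latin-1")
    return ""

def find_hidden_text(stream):
    """Return (reason, text) for text drawn in white or with render mode 3."""
    state, stack, operands, findings = {"white": False, "mode": 0}, [], [], []
    for tok in TOKEN.findall(stream):
        if tok[:1] in b"(<[]/" or NUM.fullmatch(tok):
            operands.append(tok)  # operand: keep until its operator arrives
            continue
        nums = [float(o) for o in operands if NUM.fullmatch(o)]
        if tok == b"q":              # save graphics state
            stack.append(dict(state))
        elif tok == b"Q" and stack:  # restore graphics state
            state = stack.pop()
        elif tok in (b"g", b"rg"):   # gray / RGB fill colour
            state["white"] = bool(nums) and all(n >= WHITE for n in nums)
        elif tok == b"k":            # CMYK fill: white means almost no ink
            state["white"] = bool(nums) and all(n <= 1 - WHITE for n in nums)
        elif tok == b"Tr" and nums:  # text render mode; 3 = neither fill nor stroke
            state["mode"] = int(nums[-1])
        elif tok in (b"Tj", b"TJ", b"'", b'"'):  # text-showing operators
            reason = ("invisible render mode" if state["mode"] == 3
                      else "white fill" if state["white"] else None)
            if reason:
                findings.append((reason, "".join(_text(o) for o in operands)))
        operands = []
    return findings

# Constructed sample stream (not taken from any real document).
SAMPLE = (rb"BT /F1 12 Tf 72 720 Td (Quarterly report) Tj ET "
          rb"q 1 1 1 rg BT /F1 1 Tf 72 700 Td (hidden note \(white\)) Tj ET Q "
          rb"BT 3 Tr [(hid) -20 (den)] TJ 0 Tr (visible again) Tj ET")

if __name__ == "__main__":
    for reason, text in find_hidden_text(SAMPLE):
        print(f"{reason}: {text!r}")
```

This check covers only the `g`, `rg` and `k` fill operators and render mode 3; text hidden by other means (tiny fonts, off-page placement, colour-space operators, overlaid images) still needs the manual review the article recommends.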
