A $3,000 refund just went out. No human approved it. Your AI agent read a poisoned tool response and did exactly what the attacker wanted.

The scenario is constructed. The attack is not. Indirect prompt injection is ranked number one on the OWASP Top 10 for LLM applications, and most teams shipping agents have not patched it, because the attack never comes through the chat box (video below).

What is indirect prompt injection in AI agents?

Indirect prompt injection is an attack where malicious in

Google ADK Security: 5 Layers That Defend AI Agents From Prompt Injection
Omotayo Aina
