Study finds AI agents lack consistent defenses against prompt injection attacks

Researchers from Nanyang Technological University, ST Engineering, IBM Research, and University of Illinois Urbana-Champaign tested 3,168 adversarial runs across web agent systems using 264 benchmark cases and found not a single attack scenario was consistently blocked across GPT-5 and Gemini-powered agents. The StakeBench study reveals enterprises may face failures that conventional security testing overlooks.