Researchers find AI agents lack consistent defenses against prompt injection attacks

According to CSO Online, researchers from Nanyang Technological University, ST Engineering, IBM Research, and the University of Illinois Urbana-Champaign found that current AI web agents powered by GPT-5 and Gemini have no dependable defenses against prompt injection. Across 3,168 adversarial runs and 264 benchmark cases, not a single attack scenario was consistently blocked, exposing enterprises to failures that conventional security testing may overlook.