🐦 Twitter Post Details

Viewing enriched Twitter post

@omarsar0

NEW paper from Google DeepMind The biggest threat to AI agents isn't a smarter attacker. It's the web itself. This work introduces the first systematic framework for understanding how the open web can be weaponized against autonomous agents. The paper defines "AI Agent Traps": adversarial content embedded in web pages and digital resources, engineered specifically to exploit visiting agents. The taxonomy covers six attack classes targeting different parts of the agent architecture like perception (hidden instructions in HTML/CSS) and memory (RAG poisoning and latent memory corruption). The attack surface is no longer just the model. It is every web page, every retrieved document, every piece of content the agent ingests at inference time. Hidden prompt injections in HTML already partially commandeer agents in up to 86% of scenarios, and latent memory poisoning achieves 80%+ attack success with less than 0.1% data contamination. This paper maps where the defenses are weakest and where the research community needs to focus next. Paper: https://t.co/PK7hCYXjuF Learn to build effective AI agents in our academy: https://t.co/1e8RZKs4uX

Media 1
View on Twitter

📊 Media Metadata

{
  "media": [
    {
      "type": "photo",
      "url": "https://crmoxkoizveukayfjuyo.supabase.co/storage/v1/object/public/media/posts/2039383554510217707/media_0.png",
      "filename": "media_0.png"
    }
  ],
  "processed_at": "2026-04-01T16:50:30.938314",
  "pipeline_version": "2.0"
}

🔧 Raw API Response

{
  "type": "tweet",
  "id": "2039383554510217707",
  "url": "https://x.com/omarsar0/status/2039383554510217707",
  "twitterUrl": "https://twitter.com/omarsar0/status/2039383554510217707",
  "text": "NEW paper from Google DeepMind\n\nThe biggest threat to AI agents isn't a smarter attacker. It's the web itself.\n\nThis work introduces the first systematic framework for understanding how the open web can be weaponized against autonomous agents.\n\nThe paper defines \"AI Agent Traps\": adversarial content embedded in web pages and digital resources, engineered specifically to exploit visiting agents.\n\nThe taxonomy covers six attack classes targeting different parts of the agent architecture like perception (hidden instructions in HTML/CSS) and memory (RAG poisoning and latent memory corruption).\n\nThe attack surface is no longer just the model. It is every web page, every retrieved document, every piece of content the agent ingests at inference time. Hidden prompt injections in HTML already partially commandeer agents in up to 86% of scenarios, and latent memory poisoning achieves 80%+ attack success with less than 0.1% data contamination. This paper maps where the defenses are weakest and where the research community needs to focus next.\n\nPaper: https://t.co/PK7hCYXjuF\n\nLearn to build effective AI agents in our academy: https://t.co/1e8RZKs4uX",
  "source": "Twitter for iPhone",
  "retweetCount": 0,
  "replyCount": 0,
  "likeCount": 8,
  "quoteCount": 2,
  "viewCount": 374,
  "createdAt": "Wed Apr 01 16:45:03 +0000 2026",
  "lang": "en",
  "bookmarkCount": 3,
  "isReply": false,
  "inReplyToId": null,
  "conversationId": "2039383554510217707",
  "displayTextRange": [
    0,
    280
  ],
  "inReplyToUserId": null,
  "inReplyToUsername": null,
  "author": {
    "type": "user",
    "userName": "omarsar0",
    "url": "https://x.com/omarsar0",
    "twitterUrl": "https://twitter.com/omarsar0",
    "id": "3448284313",
    "name": "elvis",
    "isVerified": false,
    "isBlueVerified": true,
    "verifiedType": null,
    "profilePicture": "https://pbs.twimg.com/profile_images/939313677647282181/vZjFWtAn_normal.jpg",
    "coverPicture": "https://pbs.twimg.com/profile_banners/3448284313/1565974901",
    "description": "",
    "location": "DAIR.AI Academy",
    "followers": 296314,
    "following": 798,
    "status": "",
    "canDm": true,
    "canMediaTag": true,
    "createdAt": "Fri Sep 04 12:59:26 +0000 2015",
    "entities": {
      "description": {
        "urls": []
      },
      "url": {}
    },
    "fastFollowersCount": 0,
    "favouritesCount": 35270,
    "hasCustomTimelines": true,
    "isTranslator": true,
    "mediaCount": 4576,
    "statusesCount": 17557,
    "withheldInCountries": [],
    "affiliatesHighlightedLabel": {},
    "possiblySensitive": false,
    "pinnedTweetIds": [
      "2039343351187554490"
    ],
    "profile_bio": {
      "description": "Building @dair_ai • Prev: Meta AI, Elastic, PhD • New AI learning portal: https://t.co/1e8RZKs4uX",
      "entities": {
        "description": {
          "hashtags": [],
          "symbols": [],
          "urls": [
            {
              "display_url": "academy.dair.ai",
              "expanded_url": "https://academy.dair.ai/",
              "indices": [
                74,
                97
              ],
              "url": "https://t.co/1e8RZKs4uX"
            }
          ],
          "user_mentions": [
            {
              "id_str": "0",
              "indices": [
                9,
                17
              ],
              "name": "",
              "screen_name": "dair_ai"
            }
          ]
        },
        "url": {
          "urls": [
            {
              "display_url": "dair.ai",
              "expanded_url": "https://www.dair.ai/",
              "indices": [
                0,
                23
              ],
              "url": "https://t.co/XQto5ypSIk"
            }
          ]
        }
      }
    },
    "isAutomated": false,
    "automatedBy": null
  },
  "extendedEntities": {
    "media": [
      {
        "display_url": "pic.twitter.com/AvKCAceKxm",
        "expanded_url": "https://twitter.com/omarsar0/status/2039383554510217707/photo/1",
        "ext_media_availability": {
          "status": "Available"
        },
        "features": {
          "large": {
            "faces": [
              {
                "h": 130,
                "w": 130,
                "x": 37,
                "y": 20
              }
            ]
          },
          "orig": {
            "faces": [
              {
                "h": 130,
                "w": 130,
                "x": 37,
                "y": 20
              }
            ]
          }
        },
        "id_str": "2039383552056598531",
        "indices": [
          281,
          304
        ],
        "media_key": "3_2039383552056598531",
        "media_results": {
          "id": "QXBpTWVkaWFSZXN1bHRzOgwAAQoAARxNWIkVG6ADCgACHE1Yiada4esAAA==",
          "result": {
            "__typename": "ApiMedia",
            "id": "QXBpTWVkaWE6DAABCgABHE1YiRUboAMKAAIcTViJp1rh6wAA",
            "media_key": "3_2039383552056598531"
          }
        },
        "media_url_https": "https://pbs.twimg.com/media/HE1YiRUboAMsXZq.png",
        "original_info": {
          "focus_rects": [
            {
              "h": 404,
              "w": 721,
              "x": 0,
              "y": 0
            },
            {
              "h": 721,
              "w": 721,
              "x": 0,
              "y": 0
            },
            {
              "h": 822,
              "w": 721,
              "x": 0,
              "y": 0
            },
            {
              "h": 897,
              "w": 449,
              "x": 0,
              "y": 0
            },
            {
              "h": 897,
              "w": 721,
              "x": 0,
              "y": 0
            }
          ],
          "height": 897,
          "width": 721
        },
        "sizes": {
          "large": {
            "h": 897,
            "w": 721
          }
        },
        "type": "photo",
        "url": "https://t.co/AvKCAceKxm"
      }
    ]
  },
  "card": null,
  "place": {},
  "entities": {
    "hashtags": [],
    "symbols": [],
    "urls": [
      {
        "display_url": "papers.ssrn.com/sol3/papers.cf…",
        "expanded_url": "https://papers.ssrn.com/sol3/papers.cfm?abstract_id=6372438",
        "indices": [
          1056,
          1079
        ],
        "url": "https://t.co/PK7hCYXjuF"
      },
      {
        "display_url": "academy.dair.ai",
        "expanded_url": "https://academy.dair.ai/",
        "indices": [
          1132,
          1155
        ],
        "url": "https://t.co/1e8RZKs4uX"
      }
    ],
    "user_mentions": []
  },
  "quoted_tweet": null,
  "retweeted_tweet": null,
  "isLimitedReply": false,
  "article": null
}