

The title they went with: "Poison Once, Exploit Forever: Environment-Injected Memory Poisoning Attacks on Web Agents". Noisy translates that to:

AI web agents can be poisoned just by looking at a bad website


Researchers found a new way to trick AI web agents: the agents can be silently poisoned just by viewing a manipulated webpage, and the poisoned memory makes them act maliciously later, on different websites.
Everyone building AI agents assumed the agents were safe as long as attackers couldn't directly write to their memory. This paper shows that simply letting an agent browse the internet can corrupt its memory, so that it acts maliciously later on different websites. It also turns out that when agents get confused or frustrated, they become much easier to trick.
Watch for AI browser developers to announce new security features specifically designed to isolate agents from malicious web content, or for reports of real-world exploits using this method.
