Indirect Prompt Injection in AI Agents: How It Works and How to Stop It (2026)
The attack rides in through the data an agent reads, an email, a support ticket, a retrieved document, not the prompt you type. How EchoLeak and the Supabase MCP leak worked, and how to stop the class.