Email Prompt Injection as Insider Threat

Hidden instructions in emails and documents can trigger summarizers or agentic AIs to exfiltrate secrets or perform transactions when they auto‑process content. As AI tools gain autonomy and production access, a crafted message can function like planting a malicious employee behind the firewall. — This reframes enterprise security and AI policy around treating LLMs as untrusted actors that must be sandboxed and strictly permissioned.

Sources

Are AI Agents Compromised By Design?

BeauHD 2025.10.14 82% relevant

Schneier and Raghavan explicitly call out prompt injection, data poisoning, and tool misuse as integrity attacks that turn an agent into an untrusted insider, mirroring the prior idea that LLMs must be sandboxed and strictly permissioned because inputs can coerce actions.

AI Tools Give Dangerous Powers to Cyberattackers, Security Researchers Warn

EditorDavid 2025.09.21 100% relevant

Black Hat demos where emailed hidden directives caused LLM summaries to find passwords and send them out, and Guardio’s tricking of Perplexity’s Comet agent into making a purchase; CrowdStrike’s warning that “AI will be the new insider threat.”