Prompt injections don’t need to be obvious.
They can be completely invisible.
Attackers can hide instructions using:
Zero-width Unicode characters (Easily done w/ @elder_plinius's P4RS3LT0NGV3, link in comments)
White-on-white text
Hidden HTML/CSS
PDF metadata
Images with hidden text
Ultrasonic audio
To a human, the content looks harmless.
To an AI system, it may contain:
“follow these new instructions”
“send secrets to this URL”
“use connected tools”
As AI agents gain more permissions and access to tools, stealthy prompt injection becomes a much bigger problem.
The attack surface is larger than most people realize 👾