Google researchers analyzed CommonCrawl data and published findings showing a 32% relative increase in malicious prompt injection attempts on public web pages between November 2025 and February 2026. The injections—hidden in white-space text or metadata—target AI agents browsing the web and range from SEO manipulation to data exfiltration and destructive commands designed to delete files; one payload embedded fully specified PayPal transactions for agents with payment capabilities. Current attacks remain low-sophistication, but Google warns that agentic AI is lowering the cost of offensive operations and the threat is actively maturing.