Google Exposes Web Pages Hijacking AI Agents to Drain PayPal Accounts and Steal Credentials
Google's security team has uncovered a systematic campaign in which malicious web pages are weaponized to hijack AI agents, directing them to transfer funds, delete files, and transmit credentials to attacker-controlled infrastructure. The findings emerged from a scan of billions of web pages, revealing that threat actors are actively exploiting the expanding role of AI agents in automating everyday tasks—from email management to financial transactions.
The hijacking techniques target AI agents that have been granted permissions to interact with external services and execute tasks on behalf of users. In documented instances, specially crafted web pages manipulated agents into authorizing PayPal transfers, removing files from local systems, and forwarding sensitive login information. The attacks leverage how AI agents parse web content and follow embedded instructions, turning trusted automation workflows into direct pathways for fraud and data exfiltration.
The discovery signals mounting risk for organizations deploying AI agents in enterprise and consumer environments. As AI systems gain deeper access to financial platforms, cloud storage, and communication tools, security researchers warn that the attack surface available to threat actors grows correspondingly. The research underscores the need for tighter permission boundaries, real-time monitoring of AI agent behavior, and stricter validation of web content processed by automated systems.
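One way to express the permission boundary and behavior monitoring described above, as an added example that is not taken from Google's research or from this article. The tool names, the `AgentSession` class and the secret argument names are hypothetical, and the page URL and call sequence are constructed.

```python
from dataclasses import dataclass, field

# Hypothetical tool names for the three action classes the article describes.
HIGH_RISK_TOOLS = {"payments.transfer", "files.delete", "http.post"}
SECRET_ARG_NAMES = {"password", "token", "api_key", "session_cookie"}


@dataclass
class AgentSession:
    untrusted_sources: list = field(default_factory=list)  # pages read so far
    audit_log: list = field(default_factory=list)           # every decision made

    def ingest_web_content(self, url: str, text: str) -> str:
        """Record that untrusted page text entered the model's context."""
        self.untrusted_sources.append(url)
        return text  # passed on as data; the gate below limits what it can trigger

    def authorize(self, tool: str, args: dict, user_confirmed: bool = False) -> str:
        """Return 'allow', 'confirm' (ask the user) or 'deny' for a tool call."""
        sensitive = tool in HIGH_RISK_TOOLS or bool(args.keys() & SECRET_ARG_NAMES)
        if not sensitive:
            decision, reason = "allow", "low-risk tool, no secret arguments"
        elif user_confirmed:
            decision, reason = "allow", "confirmed by the user out of band"
        elif self.untrusted_sources:
            decision = "deny"
            reason = f"sensitive call after reading {self.untrusted_sources[-1]}"
        else:
            decision, reason = "confirm", "sensitive call needs user confirmation"
        self.audit_log.append({"tool": tool, "decision": decision, "reason": reason})
        return decision


def demo() -> list:
    """Run a constructed sequence of tool calls through the gate."""
    s = AgentSession()
    results = [s.authorize("files.delete", {"path": "/tmp/old.txt"})]
    s.ingest_web_content("https://example.test/page", "constructed page text")
    results.append(s.authorize("search.query", {"q": "invoice template"}))
    results.append(s.authorize("payments.transfer", {"amount": 50}))
    results.append(s.authorize("notes.save", {"token": "constructed-value"}))
    results.append(s.authorize("payments.transfer", {"amount": 50}, user_confirmed=True))
    return results


if __name__ == "__main__":
    print(demo())
```

The audit log gives monitoring a record of every sensitive call together with the page that preceded it, so a denied transfer can be traced back to the content that prompted it.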
Google has published technical details and indicators of compromise to help security teams detect and block malicious pages targeting AI agents.