Zscaler identified that certain autonomous AI agents, including specific LLM models like Llama3-3-70b-instruct, Llama3-2-90b-instruct, Gemini-3-flash, and Gemini-2.5-pro, are susceptible to indirect prompt injection (IPI) traps. These vulnerabilities allow attackers to manipulate agent behavior through hidden instructions embedded in websites or prompts, leading to unintended actions such as fraudulent payments or compromised workflows.