Your AI Agent Is Reading Poisoned Web Pages (And You Don't Know It)

There's a class of prompt injection attack that bypasses almost every AI firewall on the market - and it's sitting in the blind spot of your agentic stack right now. It's not in your system prompt. It's not in the user's message. It arrives mid-session, inside a tool_result block, after your agent has already started working. The Attack Nobody Talks About Most teams think about prompt injection at the entry point: sanitize user input before it hits the LLM. That's table stakes. The harder problem is what happens during an agentic session.