Google DeepMind researchers published a framework identifying six “AI agent trap” categories that hackers could use to manipulate autonomous AI agents. The study found content injection attacks could hijack agents in up to 86% of tests. Researchers demonstrated behavioral control traps that triggered data exfiltration from systems, including Microsoft M365 Copilot. Other risks included poisoned memory, invisible instructions, and systemic attacks targeting multiple agents. The paper warned that as AI agents gain access to emails, browsing, and transactions, attackers could weaponize them against users, calling for stronger safeguards and new security standards.