# Key points
- Dangling DNS entries are leftover pointers that can be exploited by attackers to build credibility and smuggle hidden malicious prompts into AI agents.
- AI agents are increasingly targeted because they act on prompts embedded in code, SVG, or HTML, turning a simple DNS oversight into a high-leverage attack surface.
- Automation and serverless infrastructure make the attack scalable: bad actors can now find and exploit vulnerable records much faster and more easily.

When companies shut down servers, storage buckets, or cloud apps, the DNS entries pointing to them can remain active, like ghost signs to a shop that no longer exists. Cybercriminals have long repurposed these abandoned records to set up convincing phishing sites. But recently, a more dangerous twist has emerged: hackers now use these misconfigured links to quietly feed malicious instructions to AI agents.
"According to me, this isn’t an AI-born flaw. It’s an old cloud hygiene problem that AI made worse," said Chirag Mehta from Constellation Research.
Here’s how the attack unfolds: A company might once have run a service like analytics.mycompany.com, linked to a now-deleted AWS or Azure bucket. After the site goes dark, the DNS entry is left behind, and a bad actor re-registers the deleted resource under the same name so that the entry now leads to infrastructure they control. They put up a lookalike page with genuine-looking content but embed subtle, invisible instructions, often inside innocuous code or image metadata, meant for AI agents to interpret as valid commands.
"The new hijacked page looks real. But it carries hidden instructions that only AI agents might follow," said Mehta. Those agents could then share sensitive data, retrieve files they shouldn’t, or even calculate new attack paths—all while the company pays for the agent’s compute time.
Akamai described these "dangling DNS" setups as "the most overlooked attack surface in the AI era," and warned they can become automated pipelines for stealing data. Security researchers at watchTowr alone spotted 150 forgotten cloud buckets, which in two months drew 8 million requests. SentinelOne flagged over 1,250 subdomain takeovers last year; Silent Push found over 2,000 exploitable records in just one case.
Many once-fringe tactics are already public. "Subdomain takeovers aren’t rare or exotic," said Avinash Rajeev from PwC. Attackers are also weaponizing AI itself to find such opportunities faster and deploy impostor sites at scale, said Forrester’s James Plouffe: "AI can grind in a way that humans can’t, slashing the work it takes to exploit millions of domains."
Two urgent fixes are emerging. First, cloud vendors have tools for finding and cleaning abandoned records, yet they’re often unused. Second, AI agents must have new guardrails that inspect the "spirit" of a prompt and block suspicious content. "As digital ecosystems grow, especially with AI, foundational cyber hygiene becomes even more important," Rajeev said. "Small gaps can scale quickly."
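The first fix, finding abandoned records, comes down to comparing what a DNS zone points at with what the organisation still owns. The sketch below is an added example, not code from the article or from any vendor tool: the zone lines, the provider suffix list and the inventory set are constructed sample data, and in practice the inventory would come from the cloud provider's asset listing.

```python
# Added example: audit a zone export for dangling CNAMEs (defensive inventory check).
# Zone lines, suffix list and inventory below are constructed sample data.
CLOUD_SUFFIXES = (".s3.amazonaws.com", ".blob.core.windows.net", ".azurewebsites.net")

ZONE_EXPORT = """\
; constructed sample zone for mycompany.com
www        300 IN CNAME mycompany-www.azurewebsites.net.
analytics  300 IN CNAME mycompany-analytics.s3.amazonaws.com.
assets     300 IN CNAME mycompany-assets.s3.amazonaws.com.
old-report 300 IN CNAME reports2019.blob.core.windows.net.
stats      300 IN CNAME analytics.mycompany.com.
mail       300 IN A     192.0.2.10
"""

# Cloud hostnames the organisation still owns (assumed to come from an asset inventory).
LIVE_RESOURCES = {"mycompany-www.azurewebsites.net", "mycompany-assets.s3.amazonaws.com"}


def fqdn(label, origin):
    """Absolute names end with a dot; relative names get the zone origin appended."""
    label = label.lower()
    return label[:-1] if label.endswith(".") else f"{label}.{origin}"


def parse_cnames(zone_text, origin):
    """Return {owner_name: target} for every CNAME record in a simple zone export."""
    cnames = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, split columns
        if len(fields) == 5 and fields[2].upper() == "IN" and fields[3].upper() == "CNAME":
            cnames[fqdn(fields[0], origin)] = fqdn(fields[4], origin)
    return cnames


def find_dangling(cnames, live, suffixes=CLOUD_SUFFIXES):
    """Flag names whose CNAME chain ends at a cloud hostname missing from inventory."""
    findings = []
    for name in sorted(cnames):
        target, seen = cnames[name], {name}
        while target in cnames and target not in seen:  # follow in-zone chains, stop on loops
            seen.add(target)
            target = cnames[target]
        if target.endswith(suffixes) and target not in live:
            findings.append((name, target))
    return findings


if __name__ == "__main__":
    for name, target in find_dangling(parse_cnames(ZONE_EXPORT, "mycompany.com"), LIVE_RESOURCES):
        print(f"DANGLING {name} -> {target}")
```

Following in-zone chains matters here: `stats` never names a cloud host directly, yet it inherits the stale bucket target through `analytics`.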