[HN]score: 0.41

Indirect Prompt Injection via €0.01 Transfer Compromised Bunq's AI Assistant

June 10, 2026

Security firm Blue41 found that a malicious string embedded in a bank transfer memo could hijack Bunq's AI assistant to deliver personalized phishing content to the recipient user. The attack requires no special access — just a standard transfer — and exploits the assistant's access to transaction data as an untrusted input surface.

HOW THIS AFFECTS YOU

●

builderAny AI assistant that ingests transaction records, messages, or documents from external parties is vulnerable to this class of indirect prompt injection — input sanitization and privilege separation are not optional in production financial agents.

●

policyThis is a concrete, reproducible example of AI agent risk in regulated financial infrastructure, directly relevant to ongoing debates about AI deployment standards in banking.

read original ↗blue41.com

← back to feed