We’ve all heard of prompt injection, but what happens when the "attacker" isn’t a human, but a malicious website your AI agent just happened to visit? In this talk, we dive into the world of indirect prompt injection—where simple tools like web search and page-reading become exfiltration endpoints for sensitive data. We’ll discuss why OpenAI’s CISO calls this an unresolved problem and how "autonomous" agents are being reined in by necessary (but restrictive) guardrails. Learn why security in the age of AI isn't about being perfectly bulletproof, but about running faster than the "zombies" by implementing robust tool-call validation and LLM red teaming.