Visual world models can be systematically manipulated through visually imperceptible image modifications to generate erroneous predictions without requiring knowledge of future data or user inputs.
Current AI web agents lack reliable defenses against prompt injection attacks: an injected instruction can achieve the attacker's objective without being detected, so the user remains unaware that an attack took place.