\nIn our first post, we introduced the world of AI web agents – defining what they are, outlining their core capabilities, and surveying the leading frameworks that make them possible. Now, we\u2019re shifting gears to look at the other side of the coin: the vulnerabilities and attack surfaces that arise when autonomous agents browse, click, and act on our behalf.<\/p>\n
From startups to tech giants, everyone is racing to embed these agentic capabilities into their products and services, making AI agents central to modern operations. But as adoption accelerates, a harsh truth emerges: their power comes with exposure. In this post, we\u2019ll explore how vulnerabilities in AI web agents are emerging as critical security risks, especially when these tools are embedded into larger agentic workflows and systems.<\/p>\n
## Web Agents Recap<\/p>\n
Before we dive into specific threats, it helps to recap how AI web agents operate under the hood. At a high level, AI web agents are software tools powered by large language models (LLMs) with an automation engine, typically a headless browser or API client, to turn natural-language instructions into concrete web actions. They\u2019ll navigate to a page, authenticate or fill out forms, invoke API endpoints, parse responses, and even manage cookies or session state to complete each step. These agents can break down complex prompts into discrete actions and carry them out via a browser or even the underlying operating system.<\/p>\n
Frameworks like **Browser-Use** and **Skyvern** focus on browser automation, while tools like **ACE (by General Agents)** , **OpenAI ‘s Operator**, or **Claude\u2019s Computer Use** extend control to desktop environments. In practice, an agent may fetch live data, maintain context in an internal memory, and coordinate with other specialized agents to execute multi-stage workflows.<\/p>\n
This blend of LLM logic, automation layers, and external integrations not only creates a rich functionality and advanced capabilities but also, as we\u2019ll see, exposes new attack surfaces in modern AI web agents.<\/p>\n
## Risks & Vulnerabilities in AI Web Agents<\/p>\n
Despite their impressive capabilities, AI web agents have clear weak points that attackers can exploit. Although this field is still in its early days, researchers have already started mapping out risks and vulnerabilities affecting AI agents.<\/p>\n
In this blog, we\u2019ll dive into one of the pressing threats to AI web agents: **Agent Hijacking.** This occurs when an attacker interferes with how an agent perceives information or makes decisions. By feeding it misleading inputs or tampering its internal logic, attackers can trick the agent to trust false data, leak sensitive information, or take actions that are unsafe, unintended, or even malicious. To keep things simple, let\u2019s split hijacking attacks into two categories:<\/p>\n
* **Perception & Interface Hijacking: **Manipulating what the agent \u201csees\u201d or how it interacts with the web environment.
* **Prompt-Based Hijacking:** Tampering with the agent\u2019s \u201cthought process\u201d by feeding it with misleading or malicious instructions.<\/p>\n
This two-part breakdown helps clarify where and how agents can be taken over, and why defence strategies must protect both their internal reasoning and their external senses.<\/p>\n
### Perception & Interface Hijacking<\/p>\n
This type of attack goes after the agent\u2019s \u201csenses\u201d and \u201cactions\u201d in the browser. It focuses on the external layer – the browser, UI, or environment the AI agent interacts with. By messing with what the agent sees or clicks on, attackers can trick it into performing unauthorized actions. Perception hijacking occurs in the following sequence of events:<\/p>\n
1. **DOM\/Page manipulation:** tweaking the page\u2019s HTML to mislead the agent, for instance, replacing a legitimate links or buttons with malicious ones. This can be done with known attack vectors like stored XSS, but also through normally benign tools like markdown formatting within applications.
2. **Visual confusion:** these manipulated web elements cause confusion to the web agent, tricking it into taking actions it should not.
3. **Actions:** the agent then clicks on manipulated buttons and links within the page, expecting a certain outcome, and are then redirected to potentially malicious locations.<\/p>\n
In the following video, we show how a simple markdown comment in a standard web forum can hijack the AI web agent Browser-Use. By manipulating how the agent views the site, we can influence its behavior and send it to a malicious destination. For the demo we used a realistic clone of a site, similar to Stack Overflow, to illustrate this behaviour.<\/p>\n
https:\/\/www.imperva.com\/blog\/wp-content\/uploads\/sites\/9\/2025\/06\/Browser-Use-Perception-Hijacking-demo.mp4<\/p>\n
Demo 1: Browser-Use Perception Hijacking<\/p>\n
### Prompt-Based Hijacking<\/p>\n
In contrast to perception-based hijacking, instead of manipulating what the agent sees, this type of attack targets the internal reasoning loop of an AI agent by feeding it crafted language inputs hidden in the web elements ingested from web pages. These hijacks are so dangerous because they exploit the very flexibility that makes the LLMs powerful: bending an agent\u2019s reasoning purely through language, without ever touching its underlying code.<\/p>\n
Building on the previous demo video, we demonstrate how a malicious landing page, in this example a fake login, can be designed to include interactive elements embedding hidden prompt injections. Here we override the agent\u2019s prompts and direct it to watch a legendary video.<\/p>\n
https:\/\/www.imperva.com\/blog\/wp-content\/uploads\/sites\/9\/2025\/06\/Browser-Use-prompt-injection-demo.mp4<\/p>\n
Demo 2: Browser-Use Prompt Injection<\/p>\n
### The Interplay Between Prompt and Perception Hijacking<\/p>\n
**Category** | **Definition** | **Targets** | **Example Techniques** | **Goal**
—|—|—|—|—
**Perception & Interface Hijacking** | Exploits how the agent perceives or interacts with its environment to mislead or trap it. | UI, DOM, browser actions, context | DOM injection, tooltip poisoning, spoofed buttons or domains | Force incorrect actions, leak data, misdirect flow
**Prompt-Based Hijacking** | Manipulates the agent\u2019s internal reasoning by injecting or modifying natural language input. | Prompts, memory, task objectives | Prompt injection, memory poisoning, goal redirection | Subvert agent behaviour, bypass safeguards <\/p>\n
Think of it like this: **p****rompt-based injection messes with the agent ‘s \u201c** _thoughts\u201d_ ,
while **perception & interface hijacking** targets its \u201c**senses\u201d and actions.**<\/p>\n
In browser**-based agents** , you rarely see **prompt injection on its own.** Unlike chatbots that take direct text input, browser agents rely on scraping**and interpreting** page content. This means that for an attacker to inject prompts, they must first manipulate what the agent sees: through the DOM, hidden elements, tooltips, or spoofed content.<\/p>\n
Here, **the web interface becomes the true injection surface**. Malicious instructions are smuggled into page content that the agent is likely to scrape or summarize, turning perception manipulation into a delivery mechanism for hijacking the agent\u2019s internal reasoning. As a result, even though prompt injection and perception hijacking are conceptually distinct, **they are tightly coupled in web environments** , with interface control often being a **prerequisite** for successful prompt-level compromise.<\/p>\n
### Real-World Consequences of Agents Hijacks<\/p>\n
Here is what can happen when attackers take over an AI web agent:<\/p>\n
#### Cross-Site Manipulation<\/p>\n
When an agent loads a page containing hidden scripts or cleverly crafted content, that page can influence the agent\u2019s behaviour on other websites \u2013 much like XSS (Cross-Site Scripting) or CSRF in traditional web security, but here, the \u201cscripting\u201d is done via content that influences the agent\u2019s decision logic.<\/p>\n
In the demo video below, we show how injecting a prompt into the fake login page can manipulate the browser agent into visiting an online shopping site with a pre-authenticated session. We illustrate how the agent can perform malicious actions on the site, including making purchases.<\/p>\n
https:\/\/www.imperva.com\/blog\/wp-content\/uploads\/sites\/9\/2025\/06\/Browser-Use-Prompt-hijacking-demo.mp4<\/p>\n
Demo 3: Browser-Use Malicious Purchases<\/p>\n
#### Unchecked System Commands<\/p>\n
Many agents can execute code or simulate mouse and keyboard events- powerful features that demand strong sandboxing. \u201cSandboxing\u201d means restricting what the agent can do, to contain any damage. Without it, a hijacked agent could wreak havoc on your PC: deleting files, installing malware, or altering critical configurations. Imagine an attacker slipping a malicious instruction into a tool like General Agents ACE, or Claude Computer Use, since they control the Operating System I\/O, they effectively have full system access. Various case studies have shown attacks like these in action, demonstrating how OS\u2019s controlled by LLMs can be compromised in this way [1][2].<\/p>\n
#### Context Leakage and Unauthorized Data Access<\/p>\n
AI agents constantly handle sensitive context: web page content, user prompts, intermediate reasoning, API keys, and session tokens. Context leakage refers to sensitive data slipping out where it shouldn\u2019t, often due to an attack. An agent might carry private info from one step to the next and accidentally reveal it. For example, if an agent logs into a user\u2019s accounts (email, banking, etc.), it will handle credentials or session tokens. Those need to be protected. Multi-agent setups amplify this risk: one compromised agent can become the weak link that exposes the entire chain of tasks. Bellow, we\u2019ll show an example of how hidden context in an agent\u2019s prompt can be leaked to an attacker.<\/p>\n
In the final demo video below, we demonstrate how injecting a prompt into the fake login page can force the browser agent to retrieve local secrets and send them to an attacker-controlled server.<\/p>\n
https:\/\/www.imperva.com\/blog\/wp-content\/uploads\/sites\/9\/2025\/06\/Local-secret-theft-demo.mp4<\/p>\n
Demo 4: Browser-Use Local Secret Theft<\/p>\n
## Cascading Effects in Multi-Agent Workflows<\/p>\n
When AI agents team up, with one fetching web data, another analysing it, and a third updating databases, everything runs like a finely tuned assembly line. But that same modular setup means a breach in just one link can quietly infect the rest. A compromised agent\u2014whether through prompt injection, poisoned memory, or tampered outputs\u2014can hand off malicious instructions or poisoned data to its peers, propagating a silent \u201cinfection\u201d down the chain. Recent research shows how a single hijacked agent can undermine downstream systems, even when each agent seems isolated [3].<\/p>\n
This risk only grows as agents talk to each other using standardized protocols such as **Agent-to-Agent (A2A)** and **Anthropic\u2019s Model Context Protocol (MCP)**. These frameworks make it easy to build and connect multi-agent workflows by defining shared message formats, memory interfaces, and secure context-passing mechanisms. While this standardization lowers the barrier for developers to build complex agentic architectures, it also means that a vulnerability in one agent or protocol implementation can have a far-reaching impact. For example, a malicious instructions hidden in one agent\u2019s JSON context (via MCP) can slip through to other agents without setting off alarms. In effect, while protocols like A2A and MCP are essential enablers of scale and interoperability, they also emphasize the need for **robust validation, filtering, and isolation mechanisms** between agents to prevent the systemic spread of compromised inputs or behaviour.<\/p>\n
As multi-agent ecosystems become the norm, the importance of treating every agent-to-agent interaction as a potential security boundary becomes paramount. Without solid validation, filtering, and isolation at each step, the benefits of composability and reuse can quickly turn into vectors for exploitation.<\/p>\n
## Wrapping Up: Innovate with Caution<\/p>\n
AI web agents like ACE, Browser-Use, Skyvern (and others such as Auto-GPT style bots or OpenAI\u2019s Operator) herald a future of hands-free automation. But as we\u2019ve seen, attackers are also eyeing these agents. A hijacked agent can turn your helpful AI assistant into a weapon against you (or against others). From prompt injection attacks that quietly insert the hacker\u2019s agenda, to cross-site exploits that piggyback on an agent\u2019s browsing, to multi-agent \u201cinfection\u201d that spreads through an entire swarm of bots, the security challenges are real and pressing.<\/p>\n
The good news is that we are not powerless, as the AI community is actively working on defences. Researchers are studying robust prompting techniques and content filters to catch malicious instructions. Companies are exploring constitutional AI and policy-driven agents that refuse risky actions. And the old rules still apply: run agents with the least-privileges they need, sandbox them tightly, and monitor their activity for anomalies.<\/p>\n
In the meantime, if you\u2019re experimenting with AI web agents, stay vigilant. Treat them as you would a new intern with extraordinary powers: supervise closely and train them before fully trusting them on their own. Use test environments, double-check critical steps, and keep humans in the loop for high-risk steps like spending money or deleting data. As we\u2019ve illustrated, a single well-placed attack can make an AI agent go from helpful to harmful in a flash. By understanding these failure modes (prompt injections, cross-site manipulations, sandbox escapes, context leakage, and cascade effects) we can design safer agent systems that boost efficiency, without opening the door for attackers.<\/p>\n
[1] https:\/\/hiddenlayer.com\/innovation-hub\/indirect-prompt-injection-of-claude-computer-use\/<\/p>\n
[2] https:\/\/www.prompt.security\/blog\/claude-computer-use-a-ticking-time-bomb<\/p>\n
[3] https:\/\/splx.ai\/blog\/exploiting-agentic-workflows-prompt-injections-in-multi-agent-ai-systems<\/p>\n
The post The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents appeared first on Blog.\n<\/p><\/div>\n
View Advisory Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Security Update News Update Information Title The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents Update ID IMPERVABLOG:6FA8D68327BFC83E64A2DA4F4A47DF1F Type impervablog Published 2025-06-30T21:38:23…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,34,12,59,13,33,7,11,5],"class_list":["post-7436","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-00","tag-exploit","tag-impervablog","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n
The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=7436\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Security Update News Update Information Title The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents Update ID IMPERVABLOG:6FA8D68327BFC83E64A2DA4F4A47DF1F Type impervablog Published 2025-06-30T21:38:23...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=7436\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-30T17:30:44+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7436#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7436\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents\",\"datePublished\":\"2025-06-30T17:30:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7436\"},\"wordCount\":2153,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-0.0\",\"exploit\",\"impervablog\",\"news\",\"NONE\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=7436#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7436\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7436\",\"name\":\"The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-06-30T17:30:44+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7436#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=7436\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7436#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=7436","og_locale":"en_US","og_type":"article","og_title":"The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents - zero redgem","og_description":"Security Update News Update Information Title The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents Update ID IMPERVABLOG:6FA8D68327BFC83E64A2DA4F4A47DF1F Type impervablog Published 2025-06-30T21:38:23...","og_url":"https:\/\/zero.redgem.net\/?p=7436","og_site_name":"zero redgem","article_published_time":"2025-06-30T17:30:44+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=7436#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=7436"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents","datePublished":"2025-06-30T17:30:44+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=7436"},"wordCount":2153,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-0.0","exploit","impervablog","news","NONE","Security","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=7436#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=7436","url":"https:\/\/zero.redgem.net\/?p=7436","name":"The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-06-30T17:30:44+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=7436#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=7436"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=7436#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"The Rise of Agentic AI: Uncovering Security Risks in AI Web Agents"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/7436","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7436"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/7436\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7436"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7436"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7436"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}