Cato Networks to Present Fragment-Based Prompt Injection Technique at Ekoparty Security Conference

Cato CTRL to show how URL fragments can hijack AI browser assistants

TEL AVIV, Israel, May 20, 2026 – Cato Networks, delivering the leading network security platform for the AI era, today announced that Vitaly Simonovich (Threat Intelligence Researcher at Cato Networks and member of Cato CTRL) will present at the Ekoparty Security Conference in Miami.

The session, “HashJack: Exploiting URL Fragments to Hijack AI Browser Assistants” (May 22, 2026, at 11:20 AM ET), will explore HashJack, an indirect prompt-injection technique that injects malicious instructions into URL fragments to hijack AI browser assistants.

AI browser assistants can now read web pages and act on behalf of users, creating new security risks for organizations adopting AI-assisted browsing and web applications. Though URL fragments never leave the client, many AI browsers include the entire URL, fragment and all, when building assistant context. This can allow attackers to use legitimate sites as an attack vector, steering AI conversations when users follow malicious links and open the assistant.

During the session, Simonovich will walk through real test scenarios across multiple AI browsers, map HashJack to existing AppSec concepts, and explain why network and server defenses miss the technique. Attendees will leave with concrete guidance on reproducing the attack safely, building regression tests, and hardening AI-assisted browsing and web applications against fragment-based prompt injection.

To learn more about Cato’s threat intelligence team, visit the Cato CTRL page.

Resources

• [Photo] Vitaly Simonovich

About Cato CTRL

Cato CTRL (Cyber Threats Research Lab) is the world’s first CTI group to fuse threat intelligence with granular network insight, made possible by Cato’s global SASE platform. By bringing together dozens of former military intelligence analysts, researchers, data scientists, academics, and industry-recognized security professionals, Cato CTRL utilizes network data, security stack data, hundreds of security feeds, human intelligence operations, AI (Artificial Intelligence), and ML (Machine Learning) to shed light on the latest cyber threats and threat actors.

About Cato Networks

Cato Networks, a leader in SASE and AI security, delivers secure, zero-trust access everywhere to thousands of customers worldwide. Built for organizations operating across all cloud and hybrid environments, the Cato SASE Platform unifies networking, security, and access, providing them as elastic, modular capabilities that organizations can easily adopt and grow over time. Cato combines the Cato Cloud, a purpose-built global network, with simplified operational experience, all delivered across a robust, AI-driven platform. With Cato, organizations modernize confidently, operate with greater resilience, and innovate faster, without added complexity or risk.

Want to learn why thousands of organizations secure their future with Cato? Visit us at www.catonetworks.com.

Media Contact

Cato Communications

press@catonetworks.com