June 10, 2026
Cash app, chaos app
A €0.01 bank transfer could compromise a banking AI agent
One tiny payment, one big panic: commenters say bank AI just became the scammer’s wingman
TLDR: Researchers showed that a bank’s AI assistant could be manipulated by a tiny incoming payment note, potentially turning the app into a believable scam messenger. Commenters were split between laughing at “AI bringing old bugs back” and fuming that chatbots are being trusted with people’s money at all.
A security test at Bunq, the huge European online bank, found something straight out of a tech horror story: an attacker could send a tiny bank transfer and hide sneaky instructions in the payment note, then wait for the bank’s built-in AI helper to accidentally turn that into a convincing scam message. In plain English, the assistant could end up showing a fake “please re-log in” style message inside the banking app itself. That detail is what really set commenters off — because when the warning appears in your own bank app, it suddenly feels a lot more believable.
And oh, the comment section came in hot. One camp was furious that AI is being placed anywhere near people’s money at all, calling it “next level negligence” and basically asking why a chatbot is being allowed to freestyle around financial data. Another crowd went straight for the jokes, with one commenter groaning that after the tech world spent years cleaning up old-school data bugs, AI has apparently brought them back wearing a fake mustache. The funniest line? “There is… a single control… removing the AI agent. Done.” Brutal.
But not everyone was ready to hit the panic button. A few skeptics argued the attack sounds scary but still needs a chain of events: the victim has to get a weird payment, ask the AI about it, and then click the bad link. Even so, the overall vibe was clear: people are deeply uneasy about banks mixing trusted money tools with a system that can be tricked by text from strangers. As one commenter neatly put it, it’s not just about the prompt — it’s about how the prompt gets delivered.
Key Points
- •Blue41 reported finding an indirect prompt injection vulnerability in Bunq’s AI banking assistant and said it helped secure the system.
- •The article says an attacker could initiate the proof of concept by sending a very small bank transfer with a crafted payload in the transaction description.
- •When a user later asked the assistant to summarize recent transactions, the malicious transaction text could be retrieved into the LLM context and influence the assistant’s response.
- •In Blue41’s controlled demonstration, the assistant generated a credible phishing-style reauthentication message inside the bank’s own application.
- •The article presents the issue as a broader architectural challenge for financial institutions using AI assistants over untrusted data sources such as transactions, documents, and messages.