JSON-LD (JavaScript Object Notation for Linked Data) is a machine-readable format for embedding structured metadata in web pages. Site owners use it to describe things like products, articles, APIs, organizations, or contact details in a way that parsers and crawlers can consume automatically.
In cyber security, JSON-LD matters because automation can trust it too much. Attackers may hide instructions, deceptive descriptions, or poisoned metadata inside structured data so that search systems, retrieval tools, or AI agents read it as authoritative. This can support SEO poisoning, indirect prompt injection, or misleading page classification. Defenders should treat JSON-LD as untrusted input, validate it against strict schemas, and avoid letting it influence sensitive actions without verification. If an agent uses web content to decide on payments, approvals, or other high-impact steps, JSON-LD should be reviewed like any other external input.



