Many tech companies are racing to create smarter web browsers powered by artificial intelligence. One of the most talked-about is Perplexity’s Comet, which claims to be a “personal assistant and thinking partner” while you browse the internet. But this innovation comes with serious security risks.

What’s Wrong with AI Browsers Like Comet?

Brave, a privacy-focused browser company, recently pointed out a big flaw in Comet’s design. The problem is called an indirect prompt injection attack. Basically, it’s a way for bad actors to trick the AI into following malicious commands hidden in web pages.

When users ask Comet to summarize a webpage, the browser feeds parts of that page directly to its large language model. The issue is that it doesn’t tell the AI to ignore certain content or separate instructions from the webpage itself. This means attackers can embed secret commands in websites, which the AI then blindly follows.

How Could This Be Exploited?

Imagine a hacker hiding instructions inside a Reddit or Facebook post. The text might be in white on a white background, so you don’t see it. But Comet’s AI can read it, thinking it’s part of the webpage content. The AI then treats these hidden instructions as user requests.

For example, a malicious instruction might tell the AI to access your email or banking info stored in the browser. Since the AI operates with full privileges during your session, it could navigate to sensitive sites and perform actions like transferring money or revealing private data.

Brave demonstrated how this attack could work in a real-world scenario. In a screen recording, the AI was tricked into opening a user’s Gmail account and extracting a one-time password, giving hackers full access to that account. This shows how vulnerable AI-powered browsers can be to simple tricks.

The Bigger Security Concerns for AI Tools

This isn’t just about Comet. Other AI tools like ChatGPT and Microsoft’s Copilot have also shown vulnerabilities. Researchers found that sensitive information from Google Drive can be stolen through flaws in ChatGPT. Similarly, Copilot has been manipulated to reveal private emails and bank details.

The problem is that these AI systems can be exploited easily, even by people without advanced programming skills. All they need is to craft clever hidden instructions or prompts, and they could access confidential information or control accounts.

Brave reported that it found and warned Perplexity about this security gap back in July. The company said the issue appears to have been fixed earlier this month. Still, the risk highlights a need for better security in AI browsers and tools.

The main concern is that current security assumptions don’t hold up when dealing with AI that can process webpage content. Traditional safeguards aren’t enough, and new security frameworks are needed to protect users from these kinds of attacks.

In the wider tech world, similar vulnerabilities have been found. For example, researchers discovered that attackers could trick ChatGPT into leaking sensitive data from cloud storage. This shows that AI systems are increasingly targeted as they become more embedded in daily tech.

The rise of AI browsers and tools makes cybersecurity more complicated. These systems can be manipulated with relative ease, and malicious actors don’t need deep technical knowledge to launch attacks. That’s a worrying trend for anyone relying on AI for work or personal use.

Despite the security challenges, many companies are rushing to improve AI browser features. The hope is to build smarter, faster, and safer tools. But as these examples show, security must be a top priority before these innovations become widespread.

In the end, the development of AI browsers must go hand-in-hand with robust safeguards. Otherwise, the convenience of smarter browsing could come at the cost of users’ privacy and security. It’s a reminder that even the most advanced tech can have vulnerabilities, especially when the security risks are hidden in plain sight.

Inspired by

• https://futurism.com/ai-browser-hackers-drain-bank-account-public-reddit-post

Sources

• gmpg.org
• perplexity.ai
• brave.com
• wired.com
• wired.com