Courageous disclosed safety vulnerabilities in AI browsers that would permit malicious web sites to hijack AI assistants and entry delicate consumer accounts.
The problems have an effect on Perplexity Comet, Fellou, and doubtlessly different AI browsers that may take actions on behalf of customers.
The vulnerabilities stem from oblique immediate injection assaults the place web sites embed hidden directions that AI browsers course of as legit consumer instructions. Courageous printed the findings after reporting the problems to affected firms.
What Courageous Discovered
Perplexity Comet Vulnerability
Comet’s screenshot characteristic could be exploited by embedding almost invisible textual content in webpages.
When customers take screenshots to ask questions, the AI extracts hidden textual content utilizing what seems to be OCR and processes it as instructions reasonably than untrusted content material.
Courageous notes Comet isn’t open-source, so this habits is inferred and may’t be verified from supply code.
The hidden directions use faint colours that people can barely see however AI methods extract and execute. This lets attackers challenge instructions to the AI assistant with out the consumer’s data.
Fellou Navigation Vulnerability
Fellou browser sends webpage content material to its AI system when customers navigate to a website.
Asking the AI assistant to go to a webpage causes the browser to cross the web page’s seen content material to the AI in a approach that lets the webpage textual content override consumer intent.
This implies visiting a malicious website may set off unintended AI actions with out requiring specific consumer interplay with the AI assistant.
Entry To Delicate Accounts
The vulnerabilities turn into harmful as a result of AI assistants function with consumer authentication privileges.
A hijacked AI browser can entry banking websites, e-mail suppliers, work methods, and cloud storage the place customers stay logged in.
Courageous notes that even summarizing a Reddit submit may end in attackers stealing cash or personal knowledge if the submit comprises hidden malicious directions.
Trade Context
Courageous describes oblique immediate injection as a systemic problem dealing with AI browsers reasonably than an remoted challenge.
The issue revolves round AI methods failing to tell apart between trusted consumer enter and untrusted webpage content material when setting up prompts.
Courageous is withholding particulars of 1 further vulnerability present in one other browser till subsequent week.
Why This Issues
Courageous argues that conventional internet safety fashions break when AI brokers act on behalf of customers.
Pure language directions on any webpage can set off cross-domain actions reaching banks, healthcare suppliers, company methods, and e-mail hosts.
Similar-origin coverage protections turn into irrelevant as a result of AI assistants execute with full consumer privileges throughout all authenticated websites.
The disclosure arrives the identical day OpenAI launched ChatGPT Atlas with agent mode capabilities, highlighting the stress between AI browser performance and safety.
Individuals utilizing AI browsers with agent options face a tradeoff between automation capabilities and publicity to those systemic vulnerabilities.
Wanting Forward
Courageous’s analysis continues with further findings scheduled for disclosure subsequent week.
The corporate indicated it’s exploring longer-term options to handle the belief boundary issues in agentic looking.
Featured Picture: Who’s Danny/Shutterstock
