Researchers have identified serious security problems with Perplexity’s AI-driven browser, Comet, which jeopardizes users’ personal information.
According to Brave, a company focused on privacy in search and browsing, cyber attackers can easily exploit the Comet browser to access and steal user data via prompt injection techniques.
Comet, like other agentic browsers, struggles to tell the difference between what users want and harmful instructions from attackers.
This oversight can lead to the exposure of sensitive details such as names, email addresses, and locations to malicious actors.
Although Perplexity claims to have resolved the issues after working with Brave, this incident underscores the significant security challenges that AI-based browsers can present.
Brave recently conducted research on the security and privacy of agentic browsers and found critical vulnerabilities in Comet.
During their tests, Brave used a Reddit page containing hidden or malicious instructions and asked Comet to summarize the webpage.
In doing so, Comet began to process hidden texts, including instructions that could lead to extracting the user’s email address, logging into that email, receiving one-time passwords (OTPs), and retrieving both the email and OTP.
These hidden instructions act as a method for prompt injection, enabling attackers to gain access to users’ email addresses and OTPs, which they could then exploit for malicious purposes.
Brave explained the flaw, stating that the problem lies in how Comet handles webpage content. When users request a summary, Comet processes parts of the webpage without distinguishing between legitimate user instructions and potentially harmful content.
This vulnerability allows attackers to insert indirect prompt injection commands that the AI might execute unknowingly. For example, an attacker could access a user’s emails through a crafted text from another open tab.
Brave shared their findings on X, stating that they had discovered a troubling flaw in the Comet browser that endangered users’ accounts and sensitive information.
After uncovering the security issues, Brave offered specific recommendations to Perplexity to address the vulnerabilities. They suggested that the browser should be capable of distinguishing between webpage content and user commands.
Additionally, the AI model should evaluate whether user intentions align with its actions. It should also seek confirmation before carrying out tasks related to security and privacy, such as sending emails. Lastly, maintaining a clear separation between agentic and standard browsing contexts was advised.
Perplexity acknowledged the vulnerability found by Brave and began implementing initial fixes. The company later announced that the issue had been resolved, stating that they worked closely with Brave to identify and correct the flaw. However, Brave continued to test for additional vulnerabilities and evaluate the mitigation strategies.
This situation is significant for users because Comet represents a shift from traditional browsing by incorporating AI features, enhancing the user experience and providing better search results.
However, the recent security incidents serve as a critical reminder of the potential data privacy risks associated with using AI-based browsers and tools.
Therefore, users should remain vigilant and cautious when sharing personal information with AI applications.
Other Stories You May Like