Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet
18 days ago
- #Privacy
- #Browser Vulnerabilities
- #AI Security
- Brave is developing an AI assistant, Leo, capable of autonomous browsing and transactions, raising security and privacy concerns.
- A vulnerability in Perplexity's Comet browser allows indirect prompt injection, where hidden malicious instructions on a webpage can manipulate the AI.
- Attackers can embed instructions in web content, leading the AI to perform unauthorized actions like accessing sensitive data or logging into accounts.
- Traditional web security measures such as the same-origin policy (SOP) are ineffective against AI-driven cross-domain attacks initiated by natural language commands.
- Mitigation strategies include distinguishing user instructions from webpage content, requiring user interaction for sensitive actions, and isolating agentic browsing from regular browsing.
- Brave emphasizes the need for robust security and privacy protections in agentic browsers to prevent misuse and protect user data.
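
The three mitigations listed above can be sketched as a gate that sits between the model and the browser. This is an added example, not code from Brave or Perplexity; the action types, field names and URLs are hypothetical, and the sample data is constructed.

```javascript
// Added illustration. Action types and field names are hypothetical.
const SENSITIVE = new Set(["login", "read_mail", "submit_form", "purchase"]);

// Mitigation 1: the user's request and the page text travel in separate,
// labelled channels; page text is never promoted to an instruction.
function buildModelInput(userInstruction, pageText) {
  return [
    { channel: "user", trusted: true, text: userInstruction },
    { channel: "page", trusted: false, text: pageText },
  ];
}

// Mitigations 2 and 3: gate every action the model proposes, independent of
// what the model concluded after reading untrusted page text.
function authorize(action, ctx) {
  const target = new URL(action.url).origin;
  const crossOrigin = target !== new URL(ctx.taskUrl).origin;
  // Isolation: an agent running inside the user's regular (logged-in)
  // profile may not leave the origin of the page it was asked about.
  if (crossOrigin && !ctx.isolatedProfile) {
    return { allow: false, reason: "cross-origin action outside isolated profile" };
  }
  // User interaction: sensitive or cross-origin actions need explicit approval.
  if (SENSITIVE.has(action.type) || crossOrigin) {
    if (!ctx.confirm(action)) return { allow: false, reason: "user declined" };
    return { allow: true, reason: "user confirmed" };
  }
  return { allow: true, reason: "low-risk, same origin" };
}

// Constructed sample: the user asked for a summary of one page; the actions
// below stand in for what a model might propose after reading that page.
function demo() {
  const ctx = {
    taskUrl: "https://forum.example/thread/1",
    isolatedProfile: false,
    confirm: () => false, // stand-in for a real confirmation prompt
  };
  return [
    authorize({ type: "read_page", url: "https://forum.example/thread/1" }, ctx),
    authorize({ type: "read_mail", url: "https://mail.example/inbox" }, ctx),
    authorize({ type: "submit_form", url: "https://forum.example/reply" }, ctx),
  ].map((d) => d.reason);
}
```

The gate decides from the action and the session context only, so text hidden in a page cannot talk its way past it.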