In simple terms, the AI company named Perplexity, which aims to compensate publishers for their copied content, unveiled a novel web browser titled “Comet” in July. This browser came equipped with a notable monthly subscription fee of $200, accessible only to certain users holding Perplexity Max and some Perplexity Pro subscriptions.
As a tech enthusiast, I was excited to hear about Comet’s robust security, privacy, and compliance standards that are inherently integrated into its core. However, recent findings by Brave and Guardio, as reported by Tom’s Hardware, have raised concerns about potential security vulnerabilities in the AI-powered browser.
On August 20, Artem Chaikin, a Senior Mobile Security Engineer at Brave, and Shivan Kaul Sahib, the VP of Privacy and Security, stated in their report that they found potential weaknesses when examining how the AI integration within the Brave browser compared to other systems.
Leo, the AI assistant integrated within Brave, is in progress to incorporate features that enable it to surf the web on your behalf, effectively functioning as your digital representative. Brave highlights that this proactive browsing comes with substantial power but also raises important concerns about security and privacy.
During development, we examine our product alongside other artificial intelligence browsers, such as Nanobrowser (an open-source browser extension) and Perplexity’s Comet. Should any weaknesses be found within Comet, we promptly notify the developers at Perplexity about them.
The issue at hand pertains to Comet’s method of handling webpage content during summarization: it fails to differentiate between user instructions and potential harmful content from the webpage, thereby feeding both directly into its Language Learning Model (LLM). This oversight creates an opportunity for attackers to insert hidden commands in the form of prompt injection payloads. For example, a malicious actor could surreptitiously access a user’s emails through a carefully crafted text on another tab.
Artem Chaikin, Shivan Kaul Sahib (Brave)
Brave elaborates on the factors that make this issue vulnerable, and surprisingly, even a novice could potentially misuse it. A user browsing a webpage containing harmful content may employ an AI helper to sum up the information.
The AI assistant collects both harmless and harmful content together for processing. However, due to its inability to discern between safe and unsafe programming codes, it unintentionally executes the harmful instructions.
When gathering content for processing, the AI assistant doesn’t know the difference between safe and harmful data. So, it might unwittingly follow the wrong directions when it comes across malicious code.
As a tech enthusiast, I’ve learned that browsers like Brave are warning us about the potential risks of malicious commands. These commands could be used to swipe our passwords, banking details, and other sensitive information stored within the browser. Here’s an illustrative example: When AI is utilized to summarize a Reddit post, there’s a chance that it might unknowingly infiltrate associated email accounts and linked services. So, it’s crucial to stay vigilant and safeguard our digital footprint!
Instead of traditional web vulnerabilities that usually target specific sites and demand intricate exploitation, this attack method allows for cross-domain access using straightforward, conversational commands embedded within websites. These malicious commands could potentially be inserted into user-generated content on sites the attacker doesn’t manage, such as a harmful instruction hidden in a Reddit comment. This attack is unique because it interacts indirectly and affects all browsers on a given device, not just individual websites.
Artem Chaikin, Shivan Kaul Sahib (Brave)
The study conducted by Guardio, titled “Scamlexity” (published on August 20), finds similar results to those discovered by Brave in their research related to AI browsers. In simpler terms, both studies show comparable findings about the use of artificial intelligence browsers.
Guardio chose Comet as its principal test subject, initiating the testing procedure with schemes that have long been active in human experience, which are generally simple for people to identify as fraudulent.
Researchers at Guardio observed Perplexity AI carrying out a simulated purchase following these steps: It was instructed to buy an Apple Watch, then it scanned through a seemingly fraudulent Walmart webpage (devised by the researchers), added the Apple Watch to its virtual cart, utilized stored credit card and billing information for payment, and completed the checkout process.
As a researcher, I find myself regrettably reflecting on an instance where one simple prompt unleashed a series of actions without any human intervention. In this case, what seemed like an innocuous action led to significant consequences – my anticipated Apple Watch arrived prematurely, but not in the way I had hoped. Unbeknownst to me, during those few moments of automated browsing, scammers had taken advantage of the situation and spent money that wasn’t meant for them.
Nati Tal, Shaked Chen (Guardio)
Guardio points out that the test was run multiple times, during which Comet sometimes rejected commands due to security reasons. On other occasions, it halted at the final stage, requiring a human to complete the process. However, there were instances where it fell for the trap and provided its credentials to potential fraudsters.
Additionally, Guardio evaluated the ability of Comet to handle fraudulent banking emails disguised as Wells Fargo communications. They simulated this by impersonating a Wells Fargo employee and utilizing a suspiciously false ProtonMail account. Subsequently, they transmitted a link leading to an active phishing site.
The AI assistant from the Comet site promptly navigated to the provided link and proposed assisting the user by giving away their sensitive information to potential scammers.
The outcome: a reliable trust chain turned deceitful. By managing the entire process from email to website, Comet essentially endorsed the fraudulent login page. The user was unaware of the questionable sender’s address, never scrutinized the link, and didn’t get a chance to doubt the domain. Instead, they were immediately directed to what seemed like a genuine Wells Fargo login page. Since it arrived via their trusted AI, it felt secure.
Nati Tal, Shaked Chen (Guardio)
According to Guardio, our innate human instincts, developed over time to recognize phishing attempts, become irrelevant when artificial intelligence manages the decision-making process.
Microsoft Edge’s new Copilot Mode is a lot like Comet
There are other AI-driven browsers available besides Perplexity’s Comet browser. For instance, The Browser Company has shifted its focus from the Arc browser and moved towards developing an AI browser called Dia. Additionally, there are whispers that OpenAI might be working on a browser with autonomous capabilities as well.
Microsoft is joining the fray as well, unveiling on July 28 an innovative and experimental feature dubbed “Copilot Mode” for its Edge browser. For a limited period, this AI-enhanced Edge experience will be available free of charge. Notably, Microsoft has highlighted several features that share resemblance with those that led to Comet’s predicament.
In simpler terms, Zac Bowden from Windows Central explains that the Copilot feature in Microsoft Edge has expanded its capabilities. Now, it not only monitors the address bar and new tab page but can also analyze websites or documents you’re viewing across all your open tabs. Furthermore, this feature provides contextual actions or suggestions based on your entire active browsing session, rather than just a single tab.
Potential worry? Not always. However, at this point, I wouldn’t rely on AI for managing my web browsing just yet.
Read More
- Gold Rate Forecast
- Marvel’s AI Character Raises Alarming Questions
- The Cuphead Show Creator Wants a Hazbin Hotel Crossover
- USD UAH PREDICTION
- GBP USD PREDICTION
- EUR CAD PREDICTION
- USD AUD PREDICTION
- Ozzy Osbourne and the Memecoin Madness: When Death Becomes a Crypto Trend
- EUR CHF PREDICTION
- USD BRL PREDICTION
2025-08-30 17:10