Experts say Perplexity's AI Comet browser can be hijacked to steal your passwords
- A zero-click indirect prompt injection flaw in Perplexity's Comet browser lets attackers exfiltrate data without user interaction.
- Malicious calendar invites could trigger the AI to summarize or act on prompts that access private data and passwords.
- Zenity researchers fixed the issue by restricting file:// access to prevent the agent from reading local files.
- The vulnerability was dubbed PleaseFix by Zenity, reflecting its indirect prompt injection nature.
- Perplexity’s Comet browser is among AI agents now under scrutiny as security controls evolve with AI use.
- Experts warn that AI agents can blur lines between data and instructions, increasing breach risks.
- TechRadar cites multiple security experts noting that the AI browser can be hijacked via calendar events.
- Zenity researchers reinforced that the bug was fixed after responsible disclosure.
- The report underscores a broader risk as AI-enabled browsing grows across devices and workflows.
- TechRadar describes the study as a significant risk for users and organizations relying on AI browsing.
