Saralnama
Researchers at Brave have identified a security vulnerability in Perplexity’s Comet AI browser that allows attackers to exploit indirect prompt injection by embedding malicious instructions within webpage content. This flaw enables the AI agent to misinterpret webpage text as user commands when asked to summarize pages, potentially exposing sensitive data such as emails, banking passwords, and one-time passwords. Brave demonstrated how hidden prompts in Reddit comments could trick Comet into retrieving and revealing a Gmail OTP. Although Perplexity acknowledged the issue and issued a patch, Brave’s follow-up tests indicate the vulnerability persists. The flaw arises because Comet does not clearly separate user instructions from untrusted webpage content, raising concerns about privacy and security in agentic AI browsers that autonomously perform tasks on behalf of users. Brave recommends that Perplexity improve the browser’s handling of user commands and require explicit user interaction for sensitive actions. No real-world exploitation cases have been reported so far. The Indian Express has sought comment from Perplexity. This discovery highlights ongoing security challenges in emerging AI-powered browsing technologies. (Updated 25 Aug 2025, 15:31 IST; source: link)