Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet
The attack we developed shows that traditional Web security assumptions don't hold for agentic AI, and that we need new security and privacy architectures for agentic browsing.
Exploit: The injected commands instruct the AI to use its browser tools maliciously, for example navigating to the user’s banking site, extracting saved passwords, or exfiltrating sensitive information to an attacker-controlled server. The AI operates with the user’s full privileges across authenticated sessions, providing potential access to banking accounts, corporate systems, private emails, cloud storage, and other services. Unlike traditional Web vulnerabilities that typically affect individual sites or require complex exploitation, this attack enables cross-domain access through simple, natural language instructions embedded in websites.