
Perplexity's AI Browser Comet Vulnerable To Prompt Injection Attacks That Hijack User Accounts


Security researchers have uncovered critical vulnerabilities in Perplexity's Comet browser that enable attackers to hijack user accounts and execute malicious code through the browser's AI summarization features. The flaws, discovered independently by Brave and Guardio Labs, exploit indirect prompt injection attacks that bypass traditional web security mechanisms when users request webpage summaries. Brave demonstrated account takeover through a malicious Reddit post that compromised Perplexity accounts when summarized. The vulnerability allows attackers to embed commands in webpage content that the browser's large language model executes with full user privileges across authenticated sessions. Guardio's testing found the browser would complete phishing transactions and prompt users for banking credentials without warning indicators.

Source: Slashdot
