AI enabled browsers are popping up all over the place, but they might be vulnerable to a whole new kind of cyberattack.
The Brave browser says that hidden hidden instructions on webpages can cause prompt injection attacks in AI-enabled browsers. “The security vulnerability we found in Perplexity’s Comet browser this summer is not an isolated issue,” the company said on X. It added that it had also found a vulnerability in another browser, but wasn’t releasing it at the company’s request. It said it would provide more details next week.
“Indirect prompt injections are a systemic problem facing Comet and other AI-powered browsers. Today we’re publishing details on more security vulnerabilities we uncovered,” Brave said.
“Indirect prompt injection attacks occur when malicious instructions are hidden in web content like webpages. When an LLM analyzes the content, it obeys the hidden instructions because it believes they’re real commands from the user,” Brave explained. In a blogpost, Brave explained how instructions meant for LLMs can be hidden in images which aren’t visible to the human user. The AI browser implicitly trusts the contents of the webpage it’s been asked to access, and implements the instructions on it. These instructions could be something that the user doesn’t want the browser to do, including visiting malicious webpages or performing actions that could compromise their systems.
“The scariest aspect of these security flaws is that an AI assistant can act with the user’s authenticated privileges. An agentic browser hijacked by a malicious site can access a user’s banking, work email or other sensitive accounts,” Brave added.
Brave’s posted its warnings right when OpenAI had announced its new AI-enabled browser, ChatGPT Atlas. ChatGPT Atlas has many of the AI agentic capabilities that could potentially be vulnerable to such attacks. While OpenAI repeatedly stressed in the livestream that it had taken precautions to make its agentic browsers secure, including having a Logged In and Logged Out mode, with the field itself being so nascent, it would be hard for browser companies to consistently be ahead of hackers who are on the lookout for new avenues to exploit. And with browsers like Perplexity Comet and Fellou having AI-related vulnerabilities, it could be wise to be extremely careful while using AI browsers, at least at the moment.