Researchers have uncovered a new cybersecurity threat called CometJacking that targets Perplexity’s agentic AI browser, Comet. The attack involves injecting malicious prompts into seemingly harmless links, which when clicked, execute unauthorized commands within the AI environment. This technique enables attackers to siphon sensitive user data, including information held in linked services such as email and calendar.
The risk of this attack lies in its stealth and simplicity, as users may unknowingly trigger these payloads by interacting with what appear to be safe links. Since this exploits prompt injection in advanced AI systems, traditional security measures may be insufficient to detect or prevent the breach. The broader implication raises concerns about the security posture of AI-integrated applications and the need for hardened defenses against sophisticated prompt-level attacks.
Organizations using agentic AI browsers must assess their exposure to such vulnerabilities and implement safeguards to control or sanitize external inputs. The emerging threat underscores the necessity for continual cybersecurity research focused on AI frameworks, ensuring user data privacy and integrity amid increasingly complex attack methods.
👉 Pročitaj original: The Hacker News
