The new AI-powered web browser from Perplexity, Comet, suffered from a security flaw that left its users vulnerable to significant attacks, particularly a phishing scam.
The vulnerability was discovered by a competing web browser company, which alerted Perplexity. The issue has since been fixed.
Perplexity’s Comet AI Web Browser Left Users Vulnerable
Brave, a web browser company, shared a report last week that details a vulnerability they discovered in Perplexity’s latest AI-powered web browser, Comet, which could have left users facing significant threats.
The company revealed that the Perplexity Comet browser’s AI assistant was subject to being manipulated by threat actors through prompt engineering.
Comet’s built-in AI assistant could scan a page users looked for and summarize it. It can even go as far as to perform tasks, according to CNET.
Because of this capability alone, threat actors have targeted it by manipulating the content it reads or processes for users. Threat actors then command the AI assistant to reveal sensitive information about its user.
The issue has now been fixed by Perplexity, according to a statement, and the company revealed that it worked closely with Brave to mitigate the issues.
Perplexity Comet’s Security Flaw: Invisible Prompt
In a test done by Brave, the company created a Reddit page with invisible text and asked Comet to summarize it for them. The AI failed to differentiate the malicious prompts that it processed and revealed a user’s sensitive information to them.
This hidden text pushed Comet to lead Brave to a user’s account, and from there, it was able to obtain their Gmail account.
This is called an invisible prompt, and it is what bad actors use to manipulate AI to enact phishing scams.
AI and the Security Issues Present
The internet is not a safe place as many attacks hide in plain sight and could potentially cause significant damage to users. However, the rise of generative AI and its immense popularity have led to many bad actors using them to harm others, with many AI scams positioning themselves by using SEO techniques to be better see in search results.
Different platforms have had their security troubles and vulnerabilities over the years, with OpenAI’s ChatGPT being among the top targeted platforms as many have turned towards its services.
Many global institutions have already braced themselves for the possible threats that could emerge from the continued use of generative AI, particularly with security breaches that may stem from the technology.
Perplexity’s Comet is only one of the many platforms that have experienced potential security vulnerabilities that, if not caught, could have had significant implications against its users.