Your AI Browser Could Be Hijacked by a Simple Hidden Message, Researchers Warn
Bitdefender, Friday, August 22nd, 2025
The next generation of AI-powered browsers is moving beyond simple summarization to performing real-world tasks such as booking flights or handling banking requests for users. While this ushers in a whole new world of convenience and efficiency, it also brings various drawbacks, especially concerning security.
As users place more trust in these AI entities, the avenue for exploitation expands. AI agents are now entrusted with logged-in sessions to critical services like healthcare, corporate systems and finance. A simple hallucination or misinterpretation could lead to severe consequences, potentially exposing users' credentials or personal information.
Prompt injection vulnerabilities
During an examination of competitors like Perplexity's Comet browser, Brave researchers uncovered a severe vulnerability: Comet treats webpage content, without distinction, as part of the user's command. This oversight enables so-called indirect prompt injection, where a seemingly benign webpage, or even a Reddit comment with hidden instructions, can manipulate the AI into navigating to sensitive sites, extracting data, or exfiltrating it covertly, all without explicit user consent.