National Cyber Warfare Foundation (NCWF)

Prompt Injection in AI Browsers
0 user ratings		2025-11-11 13:57:07
milo
Blue Team (CND)

This is why AIs are not ready to be personal assistants:



A new attack called ‘CometJacking’ exploits URL parameters to pass to Perplexity’s Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar.


In a realistic scenario, no credentials or user interaction are required and a threat actor can leverage the attack by simply exposing a maliciously crafted URL to targeted users.


[…]


CometJacking is a prompt-injection attack where the query string processed by the Comet AI browser contains malicious instructions added using the ‘collection’ parameter of the URL...



The post Prompt Injection in AI Browsers appeared first on Security Boulevard.



Bruce Schneier

Source: Security Boulevard
Source Link: https://securityboulevard.com/2025/11/prompt-injection-in-ai-browsers/

Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
Blue Team (CND)


Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.