To the surprise of no one in the security industry, processing untrusted, unvalidated input is a bad idea.

Until about a week ago, Perplexity's AI-based Comet browser did just that – asked to summarize a web page, the AI-powered browser would ingest the text on the page, no questions asked, and process it.

And if the page text – visible or hidden – happened to include malicious instructions, Comet would attempt to comply, carrying out what's known as an indirect prompt injection attack.

Rival browser maker Brave, which has its own AI service called Leo, discovered the vulnerability when comparing Leo to other browser AI implementations, according to Artem Chaikin, senior mobile security engineer, and Shivan Kaul Sahib, VP of privacy and security.

"While looking at Comet, we discovered

See Full Page