Cyber security researchers have revealed the details of a new attack Comet To target AI browser comet, agent of periplexity by embedding malicious indications within malicious indications for siphon sensitive data, including connected services such as email and calendar.
The sneaky quick injection attack plays as a malicious link, which, when clicking, unknowingly triggers unexpected behavior for the victims.
https://www.youtube.com/watch?v=n8vlom- MUSC
“Committezacking suggests how a single, armed URL quietly flipped an AI browser for the threat of an internal formula from an reliable co-pilot,” Safety Research chief Michel Levi said in a statement shared with hacker news.
“It’s not just about stealing data; it is about kidnapping the agent that already has keys. Our research proves that the trivial obfuction data can bypass exfiltration checks and draw email, calendar, and connector data off-box into one click. Is required.
The attack, briefly, kidnaps the AI Assistant in the browser, which is embedded in the browser to steal data by ignoring the data protection of perplexity using the Trivial Base 64-Enkoding Tricks. The attack does not include any credential theft component as the browser already has access to Gmail, Calendar and other connected services.
It exceeds five stages, active when a victim clicks on a particularly prepared URL, either sent to the fishing email or is present in the web page. Instead of taking the user to the “intended” destination, the URL comes to the browser’s AI to execute a hidden prompt, which captures the user’s data, says, using Gmail, Base64-Encoding uses it using the information, and broadcasts information up to an ended point under the control of the attacker.
The URL prepared is a query string directed on the comate AI browser, adding the malicious instructions using the “collection” parameters of the URL, consulting his memory instead of searching a live web web.
While Perplexity classified the findings as “no safety effects”, they once again highlight how AI-original equipment introduces new security risks that can find around traditional defense, allow evil actors to make them commander to bid, and use users and organizations to the users and organizations to stole possible data in this process.
In August 2020, Guardio Labs revealed the technique of an attack, with scamlexity, in which browsers such as comets can be cheated by danger in interaction with a fish user’s knowledge or intervention without knowledge or intervention of human user.
“The AI browser is the next venture battleground,” or said the CEO of LARX. “When an attacker can direct your assistant with a link, the browser becomes a command-end-control point within the company’s circumference. Organizations should immediately evaluate controls that detect and neutralize the malicious agents before these POCs are comprehensive campaign.”
