Recently Perplexity launched a new AI based web browser called Comet. The specialty of this browser is that it has an artificial intelligence assistant. This assistant can summarise a webpage, read emails or calendar and give a short form of it. It also can do many things on the internet for you on its own, but a big problem came up with it.
Researchers from another browser company Brave found that Comet had a major problem. Because of this problem any hacker or bad person could insert hidden instructions into a website. When a user opens that website and gives a command like “make a summary of this page” to Comet, the browser considers that hidden message as a real command. In technical language, this is called indirect prompt injection.
This means that the user only asked for a summary of the webpage, but the browser could be fraudulently instructed to extract the user’s personal information and send it to someone else. The researchers showed in the demo that Comet could be misled in this way to extract anyone’s email address, login to Gmail and even get one time password or OTP. Imagine, if it went into the wrong hands, people could lose their bank accounts, passwords and many personal information.
ALSO READ: Google to replace Google Assistant with Gemini for Home, more information on Oct 1
This issue is also problematic because traditional internet security rules, such as Same Origin Policy or Cross Origin Resource Sharing, do not work in this situation. Here the game was of language, and AI does not have enough understanding to know which instruction is real and which has been inserted fraudulently.
Brave reported this problem to Perplexity on August 11. The problem was not fixed till August 20, but later the company confirmed that it has now been fixed. A Perplexity spokesperson said that their team and people from Brave made immediate corrections and they also have a reward program for such cases so that flaws can be caught quickly in the future.
This is important because nowadays we all save passwords on the Internet, use banking apps, keep very personal information in our email accounts. When AI-based browsers start working for us on their own, we trust them. But if AI can be cheated, then our personal information can easily be leaked. This is a warning that AI is very powerful, but it cannot make a thoughtful decision like a human. It accepts whatever command it gets no matter it is real or hidden.
Therefore, it is important for users to be cautious while using new technologies. Until companies strengthen security and become transparent, we need to remain cautious with our personal information.
