Perplexity's Comet AI Web Browser Had a Major Security Vulnerability

Comet, Perplexity's new AI-powered web browser, recently suffered from a significant security vulnerability, according to a blog post last week from Brave, a competing web browser company. The vulnerability has since been fixed, but it points to the challenges of incorporating large language models into web browsers.

Unlike traditional web browsers, Comet has an AI assistant built in. This assistant can scan the page you're looking at, summarize its contents or perform tasks for you. The problem is that Comet's AI assistant is built on the same technology as other AI chatbots, like ChatGPT.

AI chatbots can't think and reason the same way humans can, and if they read a piece of content meant to manipulate their output, they may end up following through. This is known as prompt engineering.

(Disclosure: Ziff Davis, CNET's parent company, in April filed a lawsuit against OpenAI, alleging it infringed Ziff Davis copyrights in training and operating its AI systems.)

A representative for Brave didn't immediately respond to a request for comment.

AI companies try to mitigate the manipulation of AI chatbots, but that can be tricky, as bad actors always look for novel ways to break through protections.

"This vulnerability is fixed," said Jesse Dwyer, Perplexity's head of communications, in a statement. "We have a pretty robust bounty program, and we worked directly with Brave to identify and repair it."

Test used hidden text on Reddit

In its testing, Brave set up a Reddit page with invisible text on the screen and asked Comet to summarize the on-screen content. As the AI processed the page's content, it couldn't distinguish the malicious prompts from the rest of the content and began feeding Brave's testers sensitive information.

In this case, the hidden text enabled Comet's AI assistant to navigate to a user's Perplexity account, extract the associated email address, and navigate to a Gmail account. The AI agent was essentially acting as an actual user, meaning that traditional security methods weren't working.