"Unlike traditional browsers that primarily display content, agentic systems interpret instructions, retain authenticated context, and autonomously execute actions across applications and services. This wider range of capabilities also brings new security risks. Since the AI agent can read content, follow instructions, and act while staying logged in, harmful prompts hidden in everyday life can potentially trigger actions without the user's knowledge."
"Attackers could exploit the vulnerability by hiding harmful content within everyday tasks, such as calendar invitations. The Register noted that Comet's AI agent could access the file:// protocol, allowing it to retrieve files stored on the user's local device. Perplexity didn't put a restriction on the AI agent reaching out to anything on the file system."
Zenity Labs researchers discovered a critical security flaw in Perplexity's Comet AI browser that could enable attackers to access files on users' computers through seemingly innocent calendar invitations. Unlike traditional browsers, agentic browsers interpret instructions, maintain authenticated sessions, and autonomously execute actions across applications. The vulnerability allowed the AI agent to access the file:// protocol without restrictions, retrieving local files. Attackers could hide malicious instructions within everyday content, causing the AI agent to follow commands unknowingly. While Perplexity patched the issue, the incident reveals broader security challenges as AI browser agents become more prevalent, requiring careful guardrails to prevent new attack vectors.
#ai-security-vulnerabilities #agentic-browsers #file-access-exploits #hidden-malicious-instructions #authentication-risks
Read at TechRepublic
Unable to calculate read time
Collection
[
|
...
]