

Unseeable prompt injections in screenshots: more vulnerabilities in Comet and other AI browsers

Building on our previous disclosure of the Perplexity Comet vulnerability, we’ve continued our security research across the agentic browser landscape. What we’ve found confirms our initial concerns: indirect prompt injection is not an isolated issue, but a systemic challenge facing the entire category of AI-powered browsers. This post examines additional attack vectors we’ve identified and tested across different implementations. On request, we are withholding one additional vulnerability found in another browser for now. We plan on providing more details next week. As we’ve written before, AI-powered browsers that can take actions on your behalf are powerful yet extremely risky. If you’re signed into sensitive accounts like your bank or your email provider in your browser, simply summarizing a Reddit post could result in an attacker being able to steal money or your private data.

Full analysis: Researchers detail systemic vulnerabilities in AI agentic browsers, including Perplexity’s Comet and Fellou, related to indirect prompt injection attacks.