Recently, Comet, an AI-driven browser, was exposed to a critical security vulnerability. This flaw could enable the processing of unauthenticated inputs, particularly when requesting summaries of webpage content, potentially executing malicious code and thereby enabling indirect prompt injection attacks. The security team of a rival browser discovered the vulnerability and promptly reported it to Comet's parent company, Perplexity. Researchers have emphasized that AI systems often struggle to distinguish between legitimate user instructions and untrustworthy content, posing significant security risks. Comparable issues have been noted in other AI-powered products as well. To date, Perplexity has not yet released a statement concerning the patch for this vulnerability.
