Perplexity’s Comet AI Browser Is Vulnerable to Prompt Injections, Says Brave

A study by Brave browser claims that screenshots captured by the AI assistant could contain malicious instructions.

Photo Credit: Perplexity

Brave claims that attackers can gain control of the AI browser's tools for malicious use

Highlights
  • Comet browser allows users to take screenshots of web pages
  • It then allows users to ask questions about the screenshots
  • Attackers can use various techniques to hide the malicious instructions

Perplexity's Comet browser and other artificial intelligence (AI)-powered browsers might be vulnerable to prompt injections, a new study claims. In the study, Brave says its researchers were able to embed malicious instructions into a website and pass them to the browser's AI assistant via screenshots. The study also demonstrates such an attack, which is said to allow hackers to control the AI's browser tools for malicious purposes. It is not known whether OpenAI's ChatGPT Atlas is also vulnerable to such techniques.

AI Browsers Could Be Vulnerable to Prompt Injections

Prompt injections are not a new phenomenon. Ever since the arrival of AI chatbots that operate through a natural language interface, bad actors have been trying to find ways to generate harmful and misleading outputs by hiding malicious instructions in documents, images, and even plain text. These attacks rely on multi-layered instructions and long-chain commands to break the internal safeguards of AI systems.

The latest study by Brave, conducted by the company's Senior Mobile Security Engineer, Artem Chaikin, explored whether the AI assistant of the Comet browser can be tricked into following such malicious instructions. However, delivering the message to the AI assistant is more difficult than with a chatbot, since the bad actor does not directly control the interface.

In the first experiment, malicious instructions were embedded in the web content using hidden text (this can be text written in the background colour, zero-font text, text placed outside the margin, etc.). While the user cannot see this text, the AI can process and analyse it. If the user takes a screenshot of the webpage to ask the assistant a query, Comet's text recognition extracts the instructions and automatically begins following them.
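For site owners and reviewers who want to check a page for the hiding techniques listed above, the following is an added example and not part of the Brave study or the original article. It assumes the hiding is done with inline `style` attributes only; the names `scan` and `HiddenTextScanner`, the 1000px off-screen threshold and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
VOID = {"br", "hr", "img", "input", "link", "meta"}  # tags with no end tag

def parse_style(style):  # "a:b; c:d" -> {"a": "b", "c": "d"}
    pairs = (d.split(":", 1) for d in style.split(";") if ":" in d)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

def hiding_reason(style, background):
    """Say why text with this style is invisible to a person, else None."""
    size = re.match(r"\d+(\.\d+)?", style.get("font-size", ""))
    if size and float(size.group()) == 0:
        return "zero font size"
    if background and style.get("color") == background:
        return "text colour equals background"
    for prop in ("left", "top", "text-indent", "margin-left"):
        offset = re.match(r"-(\d+)px", style.get(prop, ""))
        if offset and int(offset.group(1)) >= 1000:  # assumed threshold
            return "placed off-screen"

class HiddenTextScanner(HTMLParser):
    """Collect (reason, text) for text hidden by its own or an ancestor's style."""
    def __init__(self):
        super().__init__()
        self.stack = [("#root", None, None)]  # (tag, hiding reason, background)
        self.findings = []
    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            style = parse_style(dict(attrs).get("style") or "")
            _, parent_reason, parent_bg = self.stack[-1]
            background = style.get("background-color", parent_bg)
            reason = parent_reason or hiding_reason(style, background)
            self.stack.append((tag, reason, background))
    def handle_endtag(self, tag):
        if tag not in VOID and len(self.stack) > 1:
            self.stack.pop()
    def handle_data(self, data):
        if self.stack[-1][1] and data.strip():
            self.findings.append((self.stack[-1][1], data.strip()))

def scan(html):
    scanner = HiddenTextScanner()
    scanner.feed(html)
    return scanner.findings

# Constructed sample page: one visible paragraph, three hidden ones.
SAMPLE = ('<body style="background-color:#fff"><p>Ten photo tips.</p>'
          '<p style="color:#fff">note A</p><div style="font-size:0"><span>note B</span></div>'
          '<p style="position:absolute;left:-9999px">note C</p></body>')
```

Calling `scan(SAMPLE)` returns one finding per hidden block with the reason it was flagged. Text hidden through external stylesheets or near-invisible colour contrast needs a rendered-page check and is outside what this inline-style scan covers.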

In the demonstration, the prompt injection successfully rerouted the webpage to the user's Gmail account and was able to extract sensitive emails and send them to the attacker.

While this is one plausible way to attack a user, it still relies on the victim taking a screenshot of the web page, which is not an efficient method. The researchers also demonstrated a far more nefarious method, which works whenever a user navigates to the target website.

Here, the researcher embedded malicious visible instructions on the website. But the text is added to the page in a way that most people would not notice (in this case, it was added as prompt suggestions on an AI chatbot page). If the user asks the AI assistant to visit the website, the browser is said to process the malicious instructions, which are designed to override the user's query and instead start a chain of actions. In this case, the instructions were able to take the browser to a social media page and follow the account.

In the study, Brave said that browsers with agentic capabilities can be prompt-injected by a random webpage's content, creating a high risk for users who share the passwords of different websites and even credit card information with the browser. These authenticated privileges are then used against the user.

“This lets simple natural-language instructions on websites (or even just a Reddit comment) trigger cross-domain actions that reach banks, healthcare provider sites, corporate systems, email hosts, and cloud storage,” stated the study.

Notably, Brave said that it had reported the prompt injection vulnerability to Perplexity on October 1 and shared a public disclosure notice the following day.


Akash Dutta
Akash Dutta is a Chief Sub Editor at Gadgets 360. He is particularly interested in the social impact of technological developments and loves reading about emerging fields such as AI, metaverse, and fediverse. In his free time, he can be seen supporting his favourite football club - Chelsea, watching movies and anime, and sharing passionate opinions on food.

© Copyright Red Pixels Ventures Limited 2025. All rights reserved.