Perplexity’s Comet AI Web Browser Had a Main Safety Vulnerability

Comet, Perplexity’s new AI-powered net browser, lately suffered from a major safety vulnerability, based on a blog post last week from Brave, a competing net browser firm. The vulnerability has since been fastened, nevertheless it factors to the challenges of incorporating massive language fashions into net browsers.

Unlike conventional net browsers, Comet has an AI assistant inbuilt. This assistant can scan the web page you are taking a look at, summarize its contents or carry out duties for you. The downside is that Comet’s AI assistant is constructed on the identical expertise as different AI chatbots, like ChatGPT. 

AI chatbots cannot suppose and motive the identical means people can, and in the event that they learn a chunk of content material meant to govern its output, it might find yourself following by. This is called immediate engineering. 

(Disclosure: Ziff Davis, CNET’s father or mother firm, in April filed a lawsuit in opposition to OpenAI, alleging it infringed Ziff Davis copyrights in coaching and working its AI techniques.)

A consultant for Brave did not instantly reply to a request for remark. 

AI firms attempt to mitigate the manipulation of AI chatbots, however that may be difficult, as unhealthy actors all the time have a look at novel methods to interrupt by protections. 

“This vulnerability is fixed,” mentioned Jesse Dwyer, Perplexity’s head of communications in an announcement. “We have a pretty robust bounty program, and we worked directly with Brave to identify and repair it.”

Test used hidden textual content on Reddit

In its testing, Brave arrange a Reddit web page with invisible textual content on the display screen and requested Comet to summarize the on-screen content material. As the AI processed the web page’s content material, it could not distinguish between the malicious prompts and started feeding Brave’s testers delicate data. 

In this case, the hidden textual content enabled Comet’s AI assistant to navigate to a person’s Perplexity account, extract the related e-mail tackle, and navigate to a Gmail account. The AI agent was primarily performing as an precise person, which means that conventional safety strategies weren’t working. 

Brave warns that the sort of immediate injection can go additional, accessing financial institution accounts, company techniques, personal emails and different providers. 

Brave’s senior cellular safety engineer, Artem Chaikin, and VP of privateness and safety, Shivan Kaul Sahib, laid out an inventory of doable fixes. First, AI net browsers ought to all the time deal with web page content material as untrusted. AI fashions ought to test to ensure they’re following person intent. The mannequin ought to all the time double-check with the person to make sure interactions are appropriate, and agentic looking mode ought to solely activate when the person needs it to.

Brave’s weblog put up is the primary in a collection relating to challenges going through AI net browsers. Brave additionally has an AI assistant, Leo, embedded in its browser. 

AI is more and more embedded in all elements of expertise, from Google searches to toothbrushes. While having an AI assistant is useful, these new applied sciences have totally different safety vulnerabilities. 

In the previous, hackers wanted to be skilled coders to interrupt into techniques. When coping with AI, nevertheless, it is doable to make use of squirrely pure language to get previous built-in protections. 

Also, since many firms depend on main AI fashions, equivalent to ones from OpenAI, Google and Meta, any vulnerabilities in these techniques may lengthen to firms utilizing those self same fashions. AI firms have not been open about all these safety vulnerabilities as doing so would possibly tip off hackers, giving them new avenues to take advantage of.