Understanding CometJacking: A New Threat to AI Browsers
Recently, cybersecurity experts unveiled a novel attack dubbed CometJacking, aimed specifically at Perplexity’s AI browser, Comet. This technique involves embedding harmful prompts within seemingly harmless links to gain unauthorized access to sensitive information. The key targets include connected services like email and calendars, making it a pressing concern for users who rely on these tools for both personal and professional tasks.
How CometJacking Works
The CometJacking attack operates as a subtle prompt injection method. When a user clicks a malicious link, often included in phishing emails or embedded in web pages, they unknowingly trigger the browser’s AI to execute actions without their consent. This deceptive approach can result in significant data breaches.
Michelle Levy, Head of Security Research at LayerX, emphasized the dangers of this attack, stating that a single compromised URL can transform a trusted AI assistant into a potential insider threat. “It’s not merely about data theft; it’s about exploiting an agent that already possesses critical access,” she noted. According to Levy, the research demonstrates how minor obfuscation techniques can bypass standard data protection measures, allowing attackers to retrieve emails, calendar entries, and other integrated data with minimal effort.
The Steps of the Attack
The mechanics of the CometJacking attack can be summarized in a five-step process:
-
Initiation: The victim clicks on a specially crafted URL, which could be located in a phishing email or on a compromised webpage.
-
Execution: Rather than leading the user to the intended website, the URL contains commands that instruct the Comet browser’s AI to execute hidden prompts.
-
Data Capture: The AI captures sensitive data from platforms like Gmail.
-
Obfuscation: This information is then encoded using techniques like Base64 to obscure its contents.
-
Transmission: Finally, the encoded data is sent to an endpoint controlled by the attacker.
This entire process illustrates how the crafted URL utilizes a specific query string directed at the AI, pushing it to refer to its memory instead of performing a normal web search.
Security Implications
Perplexity has publicly stated that the findings of the research are classified as having “no security impact.” However, this perspective highlights a growing concern: AI-driven tools may expose fresh vulnerabilities that traditional security protocols struggle to counteract. The potential for malicious actors to manipulate these tools puts both users and organizations at risk of data breaches.
In a previous instance, Guardio Labs reported a similar threat, called Scamlexity, in which browsers, including Comet, could be manipulated into interacting with phishing sites without the users’ awareness. This evolving landscape underscores the need for heightened security measures in AI applications.
Preparing for AI-Driven Threats
As AI browsers increasingly become integral to enterprise environments, the landscape of cybersecurity is shifting. Or Eshed, CEO of LayerX, cautioned that the AI browser could become a central command point for attacks within corporate networks. “Organizations need to act swiftly to assess their security controls to detect and neutralize these malicious agent prompts before they escalate into widespread campaigns,” he stated.
The emergence of attacks like CometJacking serves as a reminder that while technology continues to evolve, so too does the sophistication of cyber threats. Understanding these risks and adopting proactive measures will be crucial in safeguarding sensitive information against emerging vulnerabilities.
