The Drum · Weekly AI news, freeSubscribe →
Share
Brave uncovers more vulnerabilities in AI-driven web browsers, revealing indirect prompt injection as a widespread risk that could expose users' sensitive data to potential exploitation by attackers.
Building on their previous disclosure of the Perplexity Comet vulnerability, Brave has continued its security research into agentic browsers. The findings confirm that indirect prompt injection is a systemic challenge across AI-powered browsers, not an isolated issue. This article examines additional attack vectors identified and tested by Brave’s researchers.
AI-powered browsers are designed to perform actions on behalf of users, making them powerful tools. However, these capabilities come with significant risks. If a user is signed into sensitive accounts such as banking or email within the browser, an attacker could exploit prompt injection vulnerabilities to steal money or private data. Simply summarizing a Reddit post could lead to severe security breaches.
Brave's research has uncovered several new attack vectors:
Perplexity’s Comet assistant allows users to take screenshots on websites and ask questions about those images. This feature can be exploited to inject prompts that bypass traditional text-based input sanitization. Malicious instructions embedded as nearly invisible text within the image are processed as commands rather than untrusted content.
How the Attack Works:
Brave has responsibly reported these issues to various companies to ensure vulnerabilities are addressed. They emphasize that a safer web benefits everyone and encourage ongoing debate and research into secure agentic AI. The company's commitment to transparency is evident in their detailed disclosures and responsible disclosure practices.
The discovery of these new vulnerabilities underscores the need for continued vigilance in the development and use of AI-powered browsers. While these tools offer significant benefits, they also introduce complex security challenges that require ongoing research and collaboration among industry stakeholders. Brave's proactive approach to identifying and disclosing such vulnerabilities sets a positive example for ensuring the safety and privacy of users.
Tags
Original Sources
About the author
Marcus began tracking AI's market implications in 2016, noticing AI-related patent filings accelerating ahead of earnings upgrades before most of the sell-side had caught on. A former fixed-income quantitative analyst, he spent two decades building models that priced risk across emerging markets before pivoting to cover the economic impact of AI full-time. His writing translates opaque technical developments into clear risk/reward terms — and he's rarely diplomatic about the gap between AI valuations and underlying fundamentals. He believes most market participants still underestimate AI's long-run deflationary effect on knowledge work.
More from The Analyst →This Week's Edition
23 October 2025
133 articles
Related Articles
Related Articles
More Stories
