They just do what we tell them to do
2025-08-25 18:20:22.865454+02 by Dan Lyke 0 comments
Brave: Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet, in which the Brave browser folks create a Reddit prompt injection that causes the Comet browser to log into Gmail and send the login one time password to the malicious Reddit user.
Archive.org link by way of David Gerard who observes:
I am annoyed this was found by Brave, who can fuck off, but due credit...
We built and tested three scenarios, from a fake Walmart store and a real in-the-wild Wells Fargo phishing site to PromptFix - our AI-era take on the ClickFix scam that hides prompt injection inside a fake captcha to directly take control of a victim’s AI Agent. The results reveal an attack surface far wider than anything we’ve faced before, where breaking one AI model could mean compromising millions of users simultaneously.
Via Kevin Beaumont and Bruce Sterling and Baldur Bjarnason and ByteVagabond @bytevagabond.com