Upvote!
  • Communities
  • Create Post
  • Create Community
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
Pro@programming.devM to Technology@programming.devEnglish ·
edit-2
4 hours ago

Comet AI browser can get prompt injected from any site, drain your bank account

i.imgur.com

message-square
6
fedilink
  • cross-posted to:
  • technology@beehaw.org
41

Comet AI browser can get prompt injected from any site, drain your bank account

i.imgur.com

Pro@programming.devM to Technology@programming.devEnglish ·
edit-2
4 hours ago
message-square
6
fedilink
  • cross-posted to:
  • technology@beehaw.org
Comments
  • Hackernews.

Source: zack_overflow on X/Twitter.

  • Brave Research;
  • Guardio Research.
alert-triangle
You must log in or # to comment.
  • Thekingoflorda@lemmy.world
    link
    fedilink
    English
    arrow-up
    11    ·
    18 hours ago

    How did they not think about this? This is a very basic prompt injection, and it still falls for it.

    • TonyTonyChopper@mander.xyz
      link
      fedilink
      English
      arrow-up
      15      ·
      16 hours ago

      They probably asked AI to write the browser. AI loves writing code with security vulnerabilities

    • Natanael@infosec.pub
      link
      fedilink
      English
      arrow-up
      7      ·
      15 hours ago

      The whole attack model has been known for years already and it isn’t even the first time that specifically an LLM browser plugin has been exploited by page contents

      https://bsky.app/profile/natanael.bsky.social/post/3kr2ud66y2x24

    • criss_cross@lemmy.world
      link
      fedilink
      English
      arrow-up
      2      ·
      13 hours ago

      Why think when there’s VC money to be had?

  • Rai@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    2    ·
    15 hours ago

    That’s awesome hahaha

  • kennedy@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    2    ·
    17 hours ago

    how lovely

Technology@programming.dev

Technology@programming.dev

Subscribe from Remote Instance

Create a post
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !Technology@programming.dev

Share interesting Technology news and links.

Rules:

  1. No paywalled sites at all.
  2. News articles has to be recent, not older than 2 weeks (14 days).
  3. No videos.
  4. Post only direct links.

To encourage more original sources and keep this space commercial free as much as I could, the following websites are Blacklisted:

  • Al Jazeera;
  • NBC;
  • CNBC;
  • Substack;
  • Tom’s Hardware;
  • ZDNet;
  • TechSpot;
  • Ars Technica;
  • Vox Media outlets, with exception for Axios;
  • Engadget;
  • TechCrunch;
  • Gizmodo;
  • Futurism;
  • PCWorld;
  • ComputerWorld;
  • Mashable;
  • Hackaday;
  • WCCFTECH;
  • Neowin.

More sites will be added to the blacklist as needed.

Encouraged:

  • Archive links in the body of the post.
  • Linking to the direct source, instead of linking to an article talking about the source.
Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 956 users / day
  • 1.32K users / week
  • 1.33K users / month
  • 1.33K users / 6 months
  • 1 local subscriber
  • 432 subscribers
  • 211 Posts
  • 286 Comments
  • Modlog
  • mods:
  • Pro@programming.dev
  • BE: 0.19.6
  • Modlog
  • Instances
  • Docs
  • Code
  • join-lemmy.org