When Your Browser Becomes The Attacker: AI Browser Exploits
https://thehackernews.com/expert-insights/2026/02/when-your-browser-becomes-attacker-ai.html
Publish Date: 2026-02-02 02:34:00
Source Domain: thehackernews.com
AI-powered browsers are changing how we use the web, but they’re also creating some serious new security risks. Tools like Perplexity’s Comet and Opera’s Neon can summarize pages and automate tasks for you. The problem is that researchers have found these agentic copilots can be hijacked by malicious prompts hidden in ordinary webpages, essentially turning your browser against you.
In August 2025, Brave’s security team disclosed an indirect prompt injection against Perplexity’s Comet using hidden instructions in a Reddit spoiler tag, leading Comet to extract an email address and a one-time passcode. No memory corruption, no code execution exploit. The browser simply followed instructions it couldn’t distinguish from legitimate user intent.
In this post, we’ll look at how these attacks work, why they slip past traditional defenses, and what security teams can do to keep data safe from compromised AI agents.
AI Browsers: Powerful, But a New Target
AI-enabled browsers like Comet are classified as “agentic browsers” because they take actions on behalf of users: booking meetings, filling forms, summarizing pages, and navigating between sites. The AI operates with full access to the user’s browsing context, including authenticated sessions on any site where the user is logged in. This is where the risk comes in. If an attacker can sneak commands into the content the AI processes, they can effectively take control of your browsing session.
What makes these attacks different from traditional hacking is that there is no malware or code exploit involved. Attackers exploit the fact that AI can’t distinguish between your instructions and someone else’s. They hide malicious commands in places you’d never notice: white text on a white background, buried in HTML comments, tucked inside collapsed sections, or encoded invisibly in images. When the AI processes the page, it treats these hidden instructions as legitimate requests.
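A defensive pre-filter for the hiding places listed above, added here as an example and not taken from the original article: it flags HTML comments, inline white-on-white text and collapsed details content before page text reaches an AI agent, and goes slightly beyond the article's list by also flagging display:none-style hidden elements. The names HiddenTextScanner and scan, the style heuristics and the sample page are assumptions made for illustration; only inline styles are inspected, and text encoded in images is out of scope.

```python
import re
from html.parser import HTMLParser
# Inline-style heuristics for text a human cannot see (assumed patterns, not exhaustive).
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|(font-size|opacity)\s*:\s*0(?![.\d])", re.I)
WHITE_FG = re.compile(r"(?<![-\w])color\s*:\s*(#fff(fff)?|white)\b", re.I)
WHITE_BG = re.compile(r"background(-color)?\s*:\s*(#fff(fff)?|white)\b", re.I)
VOID = {"br", "img", "input", "hr", "meta", "link", "wbr"}  # tags with no end tag

class HiddenTextScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack, self.findings = [], []  # open (tag, reason) pairs; (reason, text) results

    def handle_starttag(self, tag, attrs):
        a, reason = dict(attrs), None
        style = a.get("style") or ""
        if "hidden" in a or HIDDEN.search(style):
            reason = "hidden-element"
        elif WHITE_FG.search(style) and WHITE_BG.search(style):
            reason = "white-on-white"
        elif tag == "details" and "open" not in a:
            reason = "collapsed-details"
        if tag not in VOID:
            self.stack.append((tag, reason))

    def handle_endtag(self, tag):
        while any(t == tag for t, _ in self.stack) and self.stack.pop()[0] != tag:
            pass  # stray end tags are ignored; unclosed children are closed with their parent

    def handle_data(self, data):
        reason = next((r for _, r in self.stack if r), None)  # outermost hiding ancestor
        in_summary = any(t == "summary" for t, _ in self.stack)  # summary stays visible
        if data.strip() and reason and not (reason == "collapsed-details" and in_summary):
            self.findings.append((reason, data.strip()))

    def handle_comment(self, data):
        if data.strip():
            self.findings.append(("html-comment", data.strip()))

def scan(html):  # returns (reason, text) pairs for content to strip or flag
    scanner = HiddenTextScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample: one visible sentence plus three hiding places named in the article.
SAMPLE = """<p>Great laptop.</p><!-- constructed hidden note A -->
<span style="color:#fff;background-color:#fff">constructed hidden note B</span>
<details><summary>Spoiler</summary>constructed hidden note C</details>"""
```

The findings from scan(SAMPLE) can be stripped from the text handed to the model or logged for review. Hiding done through external stylesheets or scripts only shows up in a rendered DOM, so this check is one layer and not a complete filter.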
Hijacked Agents: How Prompt Injection Works
To…