{"id":219569,"date":"2026-03-03T16:01:00","date_gmt":"2026-03-03T21:01:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/03\/researchers-discover-suite-of-agentic-ai-browser-vulnerabilities\/"},"modified":"2026-03-03T16:01:00","modified_gmt":"2026-03-03T21:01:00","slug":"researchers-discover-suite-of-agentic-ai-browser-vulnerabilities","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/03\/researchers-discover-suite-of-agentic-ai-browser-vulnerabilities\/","title":{"rendered":"Researchers discover suite of agentic AI browser vulnerabilities"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/agentic-ai-browsers-allow-hijacking-zenity-labs-comet\/\">Researchers discover suite of agentic AI browser vulnerabilities<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/agentic-ai-browsers-allow-hijacking-zenity-labs-comet\/\">https:\/\/cyberscoop.com\/agentic-ai-browsers-allow-hijacking-zenity-labs-comet\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-03 16:01:00<\/a><\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p>Researchers have discovered multiple vulnerabilities that let attackers to quietly hijack agentic AI browsers.<\/p>\n<p>Researchers at Zenity Labs discovered these flaws, which affected multiple AI browsers, including Perplexity\u2019s Comet. Before being patched, an attacker could exploit them via a legitimate calendar invite, using a prompt injection to force the AI browser to act against its user.<\/p>\n<p>\u201cThese issues do not target a single application bug,\u201d Stav Cohen, senior AI security researcher at Zenity Labs, wrote in a blog published Tuesday. \u201cThey exploit the execution model and trust boundaries of AI agents, allowing attacker controlled content to trigger autonomous behavior across connected tools and workflows.\u201d<\/p>\n<p>Prompt injection and AI hijacking attacks work because many agentic browsers can\u2019t differentiate between instructions\u00a0 given by users and any outside content they ingest. Essentially, any webpage or email the browser encounters, if phrased the right way, could be interpreted as a straightforward prompt instruction.<\/p>\n<p>By seeding the calendar invite with malicious prompts, the browser can be directed to access local file systems, browse directories, open and read files, and exfiltrate data to a third-party server. No malware or special access is required, only that the user accept the invite so the browser performs \u201ceach step as part of what it believes is a legitimate task delegated by the user.\u201d<\/p>\n<p>\u201cComet follows its normal execution model and operates within its intended capabilities,\u201d Cohen wrote. \u201cThe agent is persuaded that what the user actually asked for is what the attacker desires.\u201d<\/p>\n<p><iframe loading=\"lazy\" title=\"PleaseFix: PerplexedBrowser - File System Attack\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/tJV6tfiK-5g?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<p>The potential damage doesn\u2019t stop there. Another vulnerability allowed an attacker to use similar indirect prompting techniques to have Comet take over a user\u2019s password manager. If a user is already signed in to the service, the agentic browser also has full&#8230;<\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/agentic-ai-browsers-allow-hijacking-zenity-labs-comet\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers discover suite of agentic AI browser vulnerabilities https:\/\/cyberscoop.com\/agentic-ai-browsers-allow-hijacking-zenity-labs-comet\/ Publish Date: 2026-03-03 16:01:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,31,32,27],"class_list":["post-219569","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-ai","tag-exploit","tag-malware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219569"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=219569"}],"version-history":[{"count":0,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219569\/revisions"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=219569"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=219569"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=219569"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}