Comet AI browser can get prompt injected from any site, drain your bank account

⁨149⁩ ⁨likes⁩

Submitted ⁨⁨19⁩ ⁨hours⁩ ago⁩ by ⁨Pro@programming.dev⁩ to ⁨technology@beehaw.org⁩

https://i.imgur.com/Wc7Tbtk.jpeg

cross-posted from: programming.dev/post/36251461

Comments
- Hackernews.

Source: zack_overflow on X/Twitter.

Brave Research.

source

Comments

Sort:hotnew top

CarbonIceDragon@pawb.social ⁨19⁩ ⁨hours⁩ ago
after years and many billions of dollars of technological development, we have finally invented a machine that can be scammed

source
panda_abyss@lemmy.ca ⁨17⁩ ⁨hours⁩ ago
I didn’t know this existed, but it’s obviously a bad idea

source
- chicken@lemmy.dbzer0.com ⁨13⁩ ⁨hours⁩ ago
  I really don’t understand why they just put LLMs in direct control of stuff and also reading the public internet without any kind of sandboxing, you’d think this concern would be the main design problem that needs to be worked around.
  
  source
SweetCitrusBuzz@beehaw.org ⁨19⁩ ⁨hours⁩ ago
LOL.

source
- bownage@beehaw.org ⁨16⁩ ⁨hours⁩ ago
  Lmao even
  
  source
businessfish@lemmy.blahaj.zone ⁨12⁩ ⁨hours⁩ ago
complete insanity that the browser/agent doesnt even ask for user confirmation before interpreting web pages as instructions. this is just AI XSS, just mental that the AI is configured to trust and execute instructions from unsanitized web content. how was this not one of the first problems raised during development prior to release?

source
- jrandomhacker@beehaw.org ⁨11⁩ ⁨hours⁩ ago
  LLMs fundamentally don’t/can’t have “sanitized” or “unsanitized” content - it’s all just tokens in the end. “Prompt Injection” is even a bit too generous of a term, I think.
  
  source
  - businessfish@lemmy.blahaj.zone ⁨11⁩ ⁨hours⁩ ago
    sure but one would hope that if the agent is interpreting content from the web as instructions that there would be literally any security measure between the webpage and the agent - whether that’s some input sanitization, explicit user confirmation, or prohibiting the agent from interpreting web pages as instructions at all.
    
    source
teletext@reddthat.com ⁨18⁩ ⁨hours⁩ ago
So … is this a bug or a feature?

source
kibiz0r@midwest.social ⁨14⁩ ⁨hours⁩ ago
And drains our freshwater reserves in order to do it.

The dumbest timeline.

source
Kolanaki@pawb.social ⁨18⁩ ⁨hours⁩ ago
They can drain all 0 of my dollars.

source
- SpikesOtherDog@ani.social ⁨17⁩ ⁨hours⁩ ago
  I worked bank customer service. They will typically allow several transactions “in good faith.” You can dispute them, but there is a chance that the transaction type cannot be refunded easily.
  
  I often saw accounts go from $20 to -$600 due to overdraft fees, fees for being overdrawn for an extended time, etc. It is a major interruption to your life in these situations.
  
  source
  - Kolanaki@pawb.social ⁨17⁩ ⁨hours⁩ ago
    I specifically have an account that does not let you overdraft it. If the transaction would go even 1 cent over what’s in there, it denies it.
    
    I had to protect me from myself 😔
    
    source
    -> View More Comments