About this video

• Video Title: Así roban tu información en un navegador con IA
• Channel: midulive
• Speakers: [No speaker names available in the transcript]
• Duration: 00:04:54

Overview

This video discusses a vulnerability in AI-powered browsers, such as Comet Perplexity, that can be exploited to steal user information. The speaker explains how attackers can use hidden prompts or comments on web pages to trick the AI into revealing sensitive data or performing unauthorized actions, like logging into accounts. The video highlights the ease with which these attacks can be executed and the potential implications for user privacy.

Key takeaways

• Vulnerability in AI Browsers: Newer browsers integrating AI, like Comet Perplexity, have a security flaw that makes them susceptible to information theft.
• Attack Method (Prompt Injection): Attackers can embed hidden instructions within web page comments (e.g., white text on a white background, HTML comments) that the AI browser interprets and executes.
• Ease of Attack: The method is simple, requiring an attacker to post a comment on a site like Reddit, which the AI browser then processes when asked to summarize or extract information from the page.
• Consequences: The AI can be manipulated to extract sensitive information, such as email addresses, and even initiate actions like logging into accounts or sending verification emails.
• Disclosure Timeline: The vulnerability was discovered by Brave's team, reported to Perplexity, and despite attempts to fix it, some issues remained, leading to public disclosure.