NextFin news: Security researchers have identified serious vulnerabilities in AI-powered web browsers, including Perplexity's Comet and other agentic AI browsers, that expose users to online scams and data theft. The findings were reported between August 20 and August 26, 2025, by multiple cybersecurity firms and media outlets.
On August 20, 2025, privacy-focused browser company Brave disclosed a critical flaw in Perplexity's Comet AI browser. The vulnerability is an indirect prompt injection: an attacker embeds hidden instructions in webpage content, and when Comet processes such a page to carry out a task such as summarizing an article, it can treat those embedded commands as if they were the user's own prompt. Because the assistant acts inside the user's logged-in browser session, the flaw can give an attacker access to sensitive information such as emails, banking credentials, and two-factor authentication codes. Brave researchers demonstrated scenarios in which attackers hijack user sessions, steal passwords, and publish private data online. Despite Perplexity's attempts to patch the flaw, Brave's subsequent tests indicated that the vulnerability persists, raising ongoing security concerns.
Similarly, on August 26, 2025, BankInfoSecurity reported that agentic AI browsers are highly susceptible to online scams. Security researchers tested such a browser by feeding it fake online stores and phishing emails and found that the AI agents, which browse and shop autonomously on behalf of users, are easily deceived by ordinary scam tactics. This susceptibility makes AI browsers attractive targets for cybercriminals running fraudulent schemes.
These vulnerabilities stem from the design of AI browsers, which give the assistant deep access to the user's sessions and data so it can complete multi-step tasks autonomously. A traditional browser treats page text as data to display, never as a command to act on; an AI browser feeds page content and the user's command into the same model, where the distinction between trusted instructions and untrusted input is easily lost. Conventional web security boundaries such as the Same-Origin Policy do not close this gap: the policy keeps scripts on one origin from reading data on another, but the agent acts as the user across every origin it visits, so text on one site can steer actions the agent takes on another.
Experts warn that attackers can conceal malicious commands in ways the user never sees, including invisible text, HTML comments, and social media posts or comments the agent reads, which makes detection difficult. The risks include unauthorized access to bank accounts, email hijacking, and exposure of personal data. The incidents highlight the urgent need for AI browser developers to implement safeguards that clearly separate the user's commands from untrusted webpage content.
Perplexity, the developer of Comet, acknowledged the security issues and has shipped fixes, but independent tests suggest the problem is not fully resolved. Security firms recommend stronger prompt validation, verification that each action matches the user's stated intent, and ongoing security updates to protect users from these AI-specific threats.
The rise of AI-powered browsers represents a significant shift in online interaction, offering advanced functionalities such as autonomous shopping, booking, and research assistance. However, these benefits come with increased security challenges that require new paradigms in cybersecurity design tailored to AI integration.
These findings and warnings were reported from the United States and globally by sources including Brave, BankInfoSecurity, Mashable India, Tom's Hardware, and OpenTools between August 20 and August 26, 2025.

