October 21, 2025 // Vulnerability | #Prompt Injection #LLM #Agentic Browsers

Unseeable prompt injections in screenshots: more vulnerabilities in Comet and other AI browsers - Brave

The article identifies indirect prompt injection vulnerabilities in AI-powered agentic browsers. It demonstrates two attacks: one against Perplexity Comet, delivered through hidden text in screenshots, and one against the Fellou browser, delivered through visible content on websites the browser navigates to. These exploits allow malicious instructions to bypass input sanitization and to be executed by the browser's Large Language Model (LLM) with the user's authenticated privileges, overriding the user's intended actions.


Source: Original Report ↗