Among the explosion of AI systems, AI web browsers such as Fellou and Comet from Perplexity have begun to make appearances on the corporate desktop. Such applications are described as the next evolution of the humble browser, and come with AI features built in; they can read and summarise web pages – and, at their most advanced – act on web content autonomously.
In theory, at least, the promise of an AI browser is that it will speed up digital workflows, undertake online research, and retrieve information from internal sources and the wider internet.
However, security research teams are concluding that AI browsers introduce serious risks into the enterprise that simply can’t be ignored.
The problem lies in the fact that AI browsers are highly vulnerable to indirect prompt injection attacks. These are where the model in the browser (or accessed via the browser) receives instructions hidden in specially-crafted websites. By embedding text into web pages or images in ways humans find difficult to discren, AI models can be fed instructions in the form of AI prompts, or amendments to prompts that are input by the user.
The bottom line for IT departments and decision-makers is that AI browsers are not yet suitable for use in the enterprise, and represent a significant security threat.
Automation meets exposure
In tests, researchers discovered that embedded text in online content is processed by the AI browser and is interpreted as instructions to the smart model. These instructions can be executed using the user’s privileges, so the greater the degree of access to information that the user has, the greater the risk to the organisation. The autonomy that AI gives users is the same mechanism that magnifies the attack surface, and the more autonomy, the greater the potential scope for data loss.
For example, it’s possible to embed text commands into an image that, when displayed in the browser, could trigger an AI assistant to interact with sensitive assets, like corporate email, or online banking dashboards. Another test showed how an AI assistant’s prompt can be hijacked and made to perform unauthorised actions on the behalf of the user.
These types of vulnerabilities clearly go against all principles of data governance, and are the most obvious example of how ‘shadow AI’ in the form of an unauthorised browser, poses a real threat to an organisation’s data. The AI model acts as a bridge between domains, and circumvents same-origin policies – the rule that prevents the access of data from one domain by another.
Implementation and governance challenges
The root of the problem is the merging of user queries in the browser with live data accessed on the web. If the LLM can’t distinguish between safe and malicious input, then it can blithely access data not requested by its human operator and act on it. When given agentic abilities, the consequences can be far-reaching, and could easily cause a cascade of malicious activity across the…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
