Cybersecurity researchers have demonstrated a new prompt injection technique called PromptFix that tricks a generative artificial intelligence (GenAI) model into carrying out intended actions by embedding the malicious instruction inside a fake CAPTCHA check on a web page.
Described by Guardio Labs an “AI-era take on the ClickFix scam,” the attack technique demonstrates how AI-driven browsers, such as Perplexity’s Comet, that promise to automate mundane tasks like shopping for items online or handling emails on behalf of users can be deceived into interacting with phishing landing pages or fraudulent lookalike storefronts without the human user’s knowledge or intervention.
“With PromptFix, the approach is different: We don’t try to glitch the model into obedience,” Guardio said. “Instead, we mislead it using techniques borrowed from the human social engineering playbook – appealing directly to its core design goal: to help its human quickly, completely, and without hesitation.”
This leads to a new reality that the company calls Scamlexity, a portmanteau of the terms “scam” and “complexity,” where agentic AI – systems that can autonomously pursue goals, make decisions, and take actions with minimal human supervision – takes scams to a whole new level.
With AI-powered coding assistants like Lovable proven to be susceptible to techniques like VibeScamming, an attacker can effectively trick the AI model into handing over sensitive information or carrying out purchases on lookalike websites masquerading as Walmart.
All of this can be accomplished by issuing an instruction as simple as “Buy me an Apple Watch” after the human lands on the bogus website in question through one of the several methods, like social media ads, spam messages, or search engine optimization (SEO) poisoning.
Scamlexity is “a complex new era of scams, where AI convenience collides with a new, invisible scam surface and humans become the collateral damage,” Guardio said.
The cybersecurity company said it ran the test several times on Comet, with the browser only stopping occasionally and asking the human user to complete the checkout process manually. But in several instances, the browser went all in, adding the product to the cart and auto-filling the user’s saved address and credit card details without asking for their confirmation on a fake shopping site.
In a similar vein, it has been found that asking Comet to check their email messages for any action items is enough to parse spam emails purporting to be from their bank, automatically click on an embedded link in the message, and enter the login credentials on the phony login page.
“The result: a perfect trust chain gone rogue. By handling the entire interaction from email to website, Comet effectively vouched for the phishing page,” Guardio said. “The human never saw the suspicious sender address, never hovered over the link, and never had the chance to question the domain.”
That’s not all. As prompt injections…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
