Makers of artificial intelligence (AI) services promise a future where you can buy goods and tickets just by giving voice commands. The AI agent built into the web browser then completes the task while you relax and drink a cup of coffee as sweet as your lady. But researchers from Guardio have found that the AI agent in the Comet web browser, developed by Perplexity, can cause users to lose a lot of money.
The AI agent used by Comet can be tricked into buying products from fake websites, can fall victim to phishing, and can be injected with malicious code that poses a great risk to the user's device.
Guardio managed to get the Comet AI agent to buy an Apple Watch from a fake Walmart site the researchers had built. The agent entered the purchase information and finalized the order automatically, without realizing that the site was not genuine. According to the researchers, in the real world SEO techniques and fake advertising could be used to trick the AI agent into making a purchase before the user realizes that they are the victim of a scam.
More serious is a phishing email that uses the URL of a fake banking site. Once again, the Comet AI agent entered banking login information without checking the site's validity. This sensitive login information has now been stolen and can be used for hacking.
Finally, malicious code injection can be done by hiding instructions directly on the page. The hidden text is not visible to humans but can be read by the AI agent because it is placed in the page's source code. The AI agent can be tricked into downloading malware, which is then installed on the owner's device without them knowing.
These are just some of the security issues found by Guardio, showing that AI agents may be able to do menial tasks for humans, but current security systems are not prepared to deal with cyber threats designed to exploit their weaknesses.