Cybersecurity researchers have demonstrated a new prompt injection technique called PromptFix, which tricks AI browsers into executing malicious hidden prompts. This exploit targets AI-powered browsers like Comet AI Browser, automating tasks like online shopping and email management. The attack embeds the malicious prompt inside fake CAPTCHA checks on web pages, deceiving AI models into interacting with fraudulent websites without the user’s knowledge.
How PromptFix Exploits AI Browsers
PromptFix works by leveraging techniques from human social engineering, targeting the AI’s core design goal: helping users efficiently. Unlike traditional attacks, PromptFix does not attempt to glitch the system. Instead, it misleads AI browsers into completing tasks, such as making purchases or interacting with phishing sites, without user input.
In tests with Comet AI Browser, researchers found that the browser often processed these prompts automatically, adding products to the cart, autofilling personal details, and completing purchases on fraudulent sites. In some cases, the AI browser only asked users to complete the checkout process manually, but in several instances, it proceeded entirely on its own.
AI Browsers and the Threat of Scamlexity
Guardio Labs coined the term Scamlexity, referring to the complex, invisible scam surface AI systems create. This new era of scams is marked by AI models unintentionally vouching for phishing pages and carrying out harmful actions without human intervention. These attacks take advantage of the AI’s built-in trust to complete tasks like clicking invisible buttons or downloading malicious payloads, turning AI browsers into tools for cybercriminals.
AI-Powered Exploits in Cybersecurity
The rise of AI-powered coding assistants and AI browsers has exposed new attack surfaces for cybercriminals. Threat actors are increasingly using generative AI to craft realistic phishing content, clone trusted brands, and automate large-scale attacks. The use of AI tools for cybercrime will likely increase as these technologies become more accessible and sophisticated.
Researchers recommend that AI systems should implement robust defenses to prevent prompt injections and other AI-based exploits. Proactive security measures, including phishing detection and URL reputation checks, are crucial for protecting against these new AI-driven threats.
Conclusion
The PromptFix exploit reveals the vulnerabilities in AI browsers and highlights the need for better security measures. As AI continues to grow in capability, so does its potential for abuse, requiring more advanced guardrails to protect users from cyber threats.
