AI browser assistants vulnerable to HashJack prompt injection technique

According to a report by Silicon Angle, a newly discovered technique named "HashJack" has been detailed by Cato Networks' Cato CTRL threat research team. This technique manipulates AI browser assistants through legitimate websites, posing a significant cybersecurity threat.

HashJack involves hiding malicious prompts after the "#" symbol in a URL fragment, influencing AI assistants like Perplexity AI's Comet, Microsoft's Copilot for Edge and Google's Gemini for Chrome. The technique can lead to various malicious actions, including misinformation, data exfiltration and credential theft. The research highlights vulnerabilities in AI browser design, with Perplexity's Comet browser being particularly susceptible to HashJack due to its agentic capabilities.

The HashJack technique underscores the urgent need for security frameworks to address prompt injection risks and design weaknesses in AI browsers. The response from browser vendors varied, with Perplexity and Microsoft implementing fixes while Google classified the behavior as intended. As AI browser assistants gain access to sensitive data, the risk of manipulation will increase, emphasizing the importance of proactive security measures in the face of evolving cyber threats.

Source: Silicon Angle