BioShocking: Logic-Based Prompt Injection Exploiting Perplexity and Comet AI Browsers
LayerX Security has identified "BioShocking," a novel class of logic-based exploitation targeting AI-integrated browsers, specifically Perplexity and Comet. The vulnerability exploits the "confused deputy" phenomenon, where the AI agent's reasoning capabilities are manipulated via specialized prompt injection payloads to bypass internal security guardrails. By targeting the integration layer between the Large Language Model (LLM) and the browser's data access permissions, attackers can induce the AI to access sensitive session credentials, passwords, and PII. The compromised AI agent then executes exfiltration sequences, transmitting stolen data to attacker-controlled remote endpoints under the appearance of legitimate operational requests.