←back to thread

Comet AI browser can get prompt injected from any site, drain your bank account

(twitter.com)
645 points helloplanets | 3 comments | 24 Aug 25 15:14 UTC | HN request time: 0.608s | source
Show context
theideaofcoffee ◴[24 Aug 25 15:32 UTC] No.45004998[source]
Beyond being a warning about AI, which is helpful, you really should be taking proper security precautions anyway. Personally, I have a separate browser that runs no extensions set aside that's solely dedicated to doing finance- and other PII-type things. It's set to start on private browsing mode, clear all cookies on quit and I use it only for that. There may be more things that I could do but that meets my threat threshold for now. I go through this for exactly the reason in the tweet.
replies(8): >>45005107 #>>45005112 #>>45005240 #>>45005242 #>>45005255 #>>45005338 #>>45005378 #>>45005931 #
1. zahlman ◴[24 Aug 25 15:57 UTC] No.45005240[source]
... Your bank's site works in private browsing mode?
replies(1): >>45006041 #
2. sroussey ◴[24 Aug 25 17:32 UTC] No.45006041[source]
You can use a different profile for banking and limit the extensions to be just your password manager.
replies(1): >>45051275 #
3. dolmen ◴[28 Aug 25 12:20 UTC] No.45051275[source]
I'm not aware of a password manager (except the browser's builtin) that allows to limit itself to only a subset of the credentials it knows.

In a "banking" browser profile, I want only the banking credentials to be available to browser. In all other browser profiles I don't want the banking credentials to be available.