←back to thread

Comet AI browser can get prompt injected from any site, drain your bank account

(twitter.com)
645 points helloplanets | 1 comments | 24 Aug 25 15:14 UTC | HN request time: 0.225s | source
Show context
gtirloni ◴[24 Aug 25 15:41 UTC] No.45005076[source]
Nobody could have predicted this /s

Joke aside, it's been pretty obvious since the beginning that security was an afterthought for most "AI" companies, with even MCP adding secure features after the initial release.

replies(1): >>45005124 #
brookst ◴[24 Aug 25 15:45 UTC] No.45005124[source]
How does this compare to the way security was implemented by early websites, internet protocols, or telecom systems?
replies(5): >>45005206 #>>45005207 #>>45005488 #>>45007680 #>>45010326 #
SoftTalker ◴[24 Aug 25 15:53 UTC] No.45005207[source]
Must we learn the same lessons over and over again? Why? Is our industry particularly stupid? Or just lazy?
replies(6): >>45005267 #>>45005312 #>>45005369 #>>45005463 #>>45005776 #>>45011042 #
evilduck ◴[24 Aug 25 16:11 UTC] No.45005369[source]
Financially motivated to not prioritize security.

It's hard to sell what your product specifically can't do, while your competitors are spending their time building out what they can do. Beloved products can make a whole lot of serious mistakes before the public will actually turn on them.

replies(1): >>45005540 #
SoftTalker ◴[24 Aug 25 16:29 UTC] No.45005540[source]
"Our bridges don't collapse" is a selling point for an engineering firm, on something that their products don't do.

We need to stop calling ourselves engineers when we act like garage tinkerers.

Or, we need to actually regulate software that can have devastating failure modes such as "emptying your bank account" so that companies selling software to the public (directly or indirectly) cannot externalize the costs of their software architecture decisions.

Simply prohibiting disclaimer of liability in commercial software licenses might be enough.

replies(2): >>45005847 #>>45006393 #
1. sebastiennight ◴[24 Aug 25 18:17 UTC] No.45006393[source]
Nobody cares about bridges collapsing if you built the first bridges and none have collapsed yet from the couple first folks trying them out, though.

It's only when someone tries to drive their loaded ox-driven cart through for the first time that you might find out what the max load of your bridge is.