Comet AI browser can get prompt injected from any site, drain your bank account

(twitter.com)

645 points helloplanets | 1 comments | 24 Aug 25 15:14 UTC | HN request time: 0.206s | source

Show context

charcircuit ◴[24 Aug 25 15:52 UTC] No.45005190[source]▶

Why did summarizing a web page need access to so many browser functions? How does scanning the user's emails without confirmation result in being able to provide a better summary? It seems way to risky to do.

Edit: From the blog post for possible regulations.

>The browser should distinguish between user instructions and website content

>The model should check user-alignment for tasks

These will never work. It's embarrassing that these are even included, considering how models are always instantly jailbroken the moment people get access to them.

replies(5): >>45005229 #>>45005325 #>>45005382 #>>45005446 #>>45006024 #

snickerdoodle12 ◴[24 Aug 25 15:56 UTC] No.45005229[source]▶

>>45005190 #

probably vibe coded

replies(1): >>45005287 #

shkkmo ◴[24 Aug 25 16:03 UTC] No.45005287[source]▶

>>45005229 #

There were bad developers before there was vibe coding. They just have more output capacity now and something else to blame.

replies(1): >>45008329 #

1. chasd00 ◴[24 Aug 25 22:23 UTC] No.45008329[source]▶

>>45005287 #

One thing about LLMs is they effectively gave bad developers superpowers. I think it’s going to usher in a new golden era for cybersecurity experts and consultancies. The whole side of the tech industry that involves cleaning up a mess.

↑