←back to thread

Comet AI browser can get prompt injected from any site, drain your bank account

(twitter.com)
645 points helloplanets | 1 comments | 24 Aug 25 15:14 UTC | HN request time: 0.206s | source
Show context
charcircuit ◴[24 Aug 25 15:52 UTC] No.45005190[source]
Why did summarizing a web page need access to so many browser functions? How does scanning the user's emails without confirmation result in being able to provide a better summary? It seems way to risky to do.

Edit: From the blog post for possible regulations.

>The browser should distinguish between user instructions and website content

>The model should check user-alignment for tasks

These will never work. It's embarrassing that these are even included, considering how models are always instantly jailbroken the moment people get access to them.

replies(5): >>45005229 #>>45005325 #>>45005382 #>>45005446 #>>45006024 #
stouset ◴[24 Aug 25 16:07 UTC] No.45005325[source]
We’re in the “SQL injection” phase of LLMs: control language and execution language are irrecoverably mixed.
replies(1): >>45008619 #
1. chrisjj ◴[24 Aug 25 23:05 UTC] No.45008619[source]
Well said.