AI Browser Flaw Lets Hackers Steal Data 🔓

Security researchers at Brave exposed a critical vulnerability in AI browsers.

Hackers can hide malicious instructions in web pages using white text on white backgrounds, HTML comments, or invisible text in screenshots. When you ask the AI to summarize a page, it can't tell the difference between your request and the hidden commands.

In Brave's demo, hidden instructions in a Reddit comment made the AI access someone's Perplexity account, grab their email, open their Gmail, steal a one-time password, and post everything back to Reddit. One click, complete account takeover.

These browsers run with your logged-in privileges. If you're signed into banking or email, hidden commands can access those accounts.

How to stay safe:
- Don't sign into AI browsers with your main email
- Don't authenticate into sensitive services like banking
- Use AI browsers carefully until proper security is built

This affects atlas, comet, Dia Browser, and other AI-powered browsers.