AI-powered agentic browsers can be manipulated via their own reasoning and verbose narration (“Agentic Blabbering”), allowing attackers to lower model guardrails and lure agents into phishing and scam traps. Researchers showed that by intercepting agent traffic and using a GAN to iteratively craft pages, they made Perplexity’s Comet fall for a phishing scam in under four minutes, demonstrating how attacks can be trained against the AI itself and then affect all users of the same agent.
Key points
- Agentic Blabbering exposes what AI browsers see, believe, and plan, creating signals attackers can exploit.
- Intercepting agent-server traffic and feeding it to a GAN enabled researchers to trick Perplexity’s Comet into a phishing scam quickly.
- Attackers can iteratively optimize phishing pages against a specific agent, shifting the target from human users to the AI browser.
- Prior techniques like VibeScamming and Scamlexity and recent PerplexedBrowser zero-click attacks illustrate diverse prompt-injection and exfiltration risks.
- Full elimination of prompt-injection vulnerabilities is unlikely, so mitigations include adversarial training, automated attack discovery, and system-level safeguards.
Read More: https://thehackernews.com/2026/03/researchers-trick-perplexitys-comet-ai.html