CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief

Cybersecurity researchers have revealed CometJacking, a sophisticated attack exploiting the Comet AI browser by embedding malicious prompts within seemingly harmless links to steal sensitive data. This method underscores the security vulnerabilities of AI-native browsers and the need for security-by-design measures. #CometJacking #LayerX

Key points

  • The attack involves malicious URLs that trigger hidden prompts in the Comet AI browser to siphon data.
  • CometJacking can bypass traditional data exfiltration defenses using simple encoding tricks like Base64.
  • The attack does not require credential theft as the browser already has access to connected services.
  • Activated when a user clicks a crafted URL, the attack extracts and transmits user data to attacker-controlled endpoints.
  • Experts emphasize the need for security-by-design in AI-native browsers to prevent such vulnerabilities.
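The Base64 point above, seen from the defender's side, as an added example that is not code from the article or from the researchers: an egress filter that pattern-matches the payload as sent misses encoded content, while one that first decodes Base64-looking runs catches it. The patterns, function names and sample payload are constructed for illustration.

```python
import base64
import binascii
import re

# Constructed patterns for data an egress filter might treat as sensitive.
SENSITIVE = [
    re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),              # e-mail address
    re.compile(r"(?i)\b(subject|invite|calendar)\s*:"),   # mail/calendar fields
]

# Runs of the Base64 alphabet (standard or URL-safe) long enough to carry content.
B64_RUN = re.compile(r"[A-Za-z0-9+/_-]{16,}={0,2}")

# Constructed sample: the same text in the clear and as an encoded form field.
PLAIN = "Subject: Q3 board deck\nFrom: alice@example.com"
ENCODED_BODY = "payload=" + base64.b64encode(PLAIN.encode()).decode()


def naive_scan(body: str) -> bool:
    """Match sensitive patterns against the payload exactly as sent."""
    return any(p.search(body) for p in SENSITIVE)


def decode_candidates(body: str):
    """Yield text recovered from Base64-looking runs in the payload."""
    for run in B64_RUN.findall(body):
        # Normalise URL-safe characters and repair padding before decoding.
        token = run.rstrip("=").replace("-", "+").replace("_", "/")
        token += "=" * (-len(token) % 4)
        try:
            yield base64.b64decode(token, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not Base64, or not text once decoded


def decoding_scan(body: str) -> bool:
    """Scan the raw payload and every decodable Base64 run inside it."""
    if naive_scan(body):
        return True
    return any(naive_scan(text) for text in decode_candidates(body))


if __name__ == "__main__":
    print("naive filter flags encoded body:   ", naive_scan(ENCODED_BODY))
    print("decoding filter flags encoded body:", decoding_scan(ENCODED_BODY))
```

Decoding a single Base64 layer only covers the trick named above; nested or different encodings need the same decode-then-scan step applied per encoding.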

Read More: https://thehackernews.com/2025/10/cometjacking-one-click-can-turn.html