A new agentic browser attack exploits natural language prompts to automatically delete Google Drive contents without user confirmation, posing significant security risks. The attack leverages excessive agency in AI-powered assistants and URL fragment manipulation, highlighting vulnerabilities in AI browser security. #GoogleDriveWiper #HashJack #Perplexity #AIvulnerabilities
Keypoints
- An attacker can remotely trigger a destructive wipe of Google Drive via natural language prompts in AI browsers.
- The attack does not rely on jailbreaks or prompt injection but on polite, well-phrased instructions that the system interprets as routine tasks.
- OAuth access to Gmail and Google Drive enables malicious browser agents to perform destructive actions at scale.
- HashJack is a URL-based indirect prompt injection technique that exploits URL fragments to manipulate AI browsers.
- Perplexity, Microsoft, and other vendors have released patches, but fundamental vulnerabilities remain in AI browser interactions.
Read More: https://thehackernews.com/2025/12/zero-click-agentic-browser-attack-can.html