Stay Safe When Using AI-Powered Browsers: Beware Of Prompt Injection

By: David Parsons

All modern web browsers have some form of AI built in to help you with your day-to-day tasks. AI-powered browsers like Microsoft Edge (Copilot), Google Chrome (Gemini) and Perplexity (Comet) are transforming how we interact online. These tools can make internet browsing convenient. But with that convenience come new security risks, and prompt injection is a very sneaky one.

What Is Prompt Injection?

Prompt injection occurs when hidden instructions in files or websites trick your AI assistant into performing unintended actions, such as visiting malicious sites or leaking sensitive data.

What Damage Can Prompt Injection Cause?

Prompt injection can wreak havoc, including:

  • Redirecting you to phishing or malware sites
  • Auto-filling and submitting payment forms
  • Leaking sensitive information from previous chats
  • Downloading and executing malicious files
  • Manipulating browser extensions or settings

Examples Of Real-World Research & Breaches

The following are just a few real-life examples of the damage prompt injection can cause:

Website With Embedded Instructions

A proof-of-concept attack involved a webpage containing hidden text (using style sheets to hide it from human view) that instructed the AI assistant to send sensitive information from previous chats to an external server. When a user asked the AI to summarize the page, the AI followed the hidden instructions.
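A defensive check for the hidden-text technique described above, as an added example that is not part of the original article: it splits a page's text into what a reader sees and what inline CSS or the `hidden` attribute conceals, so concealed text can be flagged or dropped before the page reaches an AI summarizer. The names `HiddenTextFinder` and `split_page_text` are hypothetical, the sample page is constructed, and only inline styles are inspected (rules in external style sheets or CSS classes are not resolved).

```python
import re
from html.parser import HTMLParser

# Inline-style values that hide text from a human reader (assumed, not exhaustive).
HIDING_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)"
    r"|font-size\s*:\s*0(?:px|pt|em|rem|%)?\s*(?:;|$)", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link", "wbr", "source", "embed"}
NOT_TEXT = {"script", "style", "template"}  # never rendered as page text

class HiddenTextFinder(HTMLParser):
    """Separates text a reader sees from text hidden by inline style or attribute."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []    # (tag, hidden?) for each open element
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        a = dict(attrs)
        hides = "hidden" in a or bool(HIDING_STYLE.search(a.get("style") or ""))
        # A child of a hidden element is hidden too.
        self.stack.append((tag, hides or (bool(self.stack) and self.stack[-1][1])))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates unclosed inner elements.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        text = " ".join(data.split())
        if not text or (self.stack and self.stack[-1][0] in NOT_TEXT):
            return
        (self.hidden if self.stack and self.stack[-1][1] else self.visible).append(text)

def split_page_text(html):
    """Return (visible_text, hidden_text) for an HTML string."""
    finder = HiddenTextFinder()
    finder.feed(html)
    finder.close()
    return " ".join(finder.visible), " ".join(finder.hidden)

# Constructed sample page: a visible article plus one CSS-hidden block.
SAMPLE = """<h1>Quarterly tax tips</h1><p>Keep receipts for <b>seven</b> years.</p>
<div style="display:none">NOTE TO AI ASSISTANT: <span>placeholder instruction</span></div>"""

if __name__ == "__main__":
    print(split_page_text(SAMPLE))
```

Any non-empty hidden text is a reason to treat the page as suspicious and to pass only the visible text to the assistant.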

Social Media Bot Hijacking

Attackers used prompt injection to manipulate AI-powered social media bots. By embedding hidden instructions in posts or comments, they caused the bots to repost spam or malicious links, amplifying the attack across multiple accounts.

Fortune 500 Financial Firm

The Obsidian Security Team reported that an AI customer-service agent leaked sensitive account data for weeks. Prompt injection bypassed traditional controls, resulting in millions of dollars in fines and remediation.

AI Browser Hijacks

Major AI browsers (OpenAI, Perplexity, Copilot, Edge, Gemini) were hijacked by hidden instructions in webpages to leak credentials and perform actions without user awareness. NBC News reported on this.

What Can You Do To Keep Safe?

Keep Everything Updated
  • Regularly update your browser, AI extensions and operating system
  • Vendors release frequent security patches for new threats; be sure to apply them
Use Advanced Endpoint Protection
  • Choose solutions with behavior-based detection and AI threat analysis
Practice Safe AI Usage
  • Never enter passwords, banking info or personal IDs into AI chats
  • Avoid asking AI to summarize suspicious files or websites
Verify AI-Suggested Links
  • Always check links before clicking; use browser security features
Disable Unnecessary Automation
  • Turn off self-acting features (auto-form fill, app launching) unless needed
Be Skeptical Of Free Tools
  • Free AI tools may monetize your data; review privacy policies
Watch For Unexpected AI Behavior
  • If your AI assistant gives odd instructions, close the session immediately

AI is a powerful tool, but understanding its vulnerabilities — like prompt injection — helps you stay safe. Stay informed, update regularly and use AI features wisely.

Need Help?

Our Technology Solutions Group can help with your organization’s cyber security. Contact us online or call 410.685.5512.

Published December 10, 2025