Summarize this article with
Imagine scrolling r/LinkedInLunatics on Reddit, deciding a spicy post has too many comments to read, and asking your AI-powered browser to summarize the comments for you — only to find out later that said browser, which you had given full authorization to act on your behalf, had given up valuable personal information due to hidden text in one of the comments.
Perplexity’s AI-powered browser, Comet, recently made headlines because of this exact vulnerability (which has since been fixed). As AI-powered tools are seeing increased adoption due to their ability to automate tasks and personalize content, we’re also seeing more and more AI attack vectors coming to light.
The recent issues uncovered in the Comet browser highlight just how important it is for enterprise companies to build a layered approach to ensure account security for their users — and the implications for enterprises are even more significant because they potentially face these risks at scale.
Our team has been following these developments closely, and in this article, I take a closer look at the findings from the audits, and share strategies that can help protect your users and their accounts, as well as mitigate the effects of a prompt injection attack.
The Comet browser incident
Security researchers at Brave and Guardio recently examined Comet, and Brave published a blog post exposing a vulnerability that allowed attackers to manipulate the the Comet browser’s AI agent through prompt injection attacks.
In these attacks, bad actors could embed malicious prompts directly into web content, such as hidden text in a Reddit comment. As outlined in Brave’s post, when a user visits a compromised page and asks Comet’s AI agent to summarize the content on that page, the agent might interpret these hidden prompts and perform actions or leak sensitive information without checking with the user first — and often without the user’s knowledge.
Brave and Guardio also revealed that Comet lacked proper isolation between its AI agent and regular web browsing, making it easier for attackers to exploit these weaknesses. This left users open to phishing, data leaks, and potentially the execution of harmful code, all because the browser failed to separate trusted actions from malicious instructions.
The risk extends beyond individual users — enterprise organizations that rely on AI-powered tools could also find themselves exposed to new forms of fraud that bypass traditional security measures. For example, a similar attack could be conducted by inserting hidden text in a customer support ticket that can be read and interpreted by an internal AI tool to take unauthorized actions.
The Comet incident illustrates how quickly attackers can adapt when new technologies are introduced without guardrails in place. As AI becomes more deeply embedded in web browsing, the need for advanced, adaptable fraud prevention measures grows.
How AI-driven browsers increase account takeover risk
One of the most serious implications of prompt injection in AI-powered browsers is the heightened risk of account takeover (ATO) attacks. Full automation makes AI-powered browsers attractive, but they also make them a prime target for fraudsters looking for new ways to carry out ATO fraud.
In this case, fraudsters can exploit AI agents to interact with phishing sites, autofill credentials, or submit forms — making it easier to gain unauthorized access to user accounts. The consequences of ATOs can escalate quickly, especially when organizations rely on static defenses.
Building resilience against AI-powered attacks with a layered fraud prevention strategy
Due to how quickly AI-driven threats are evolving, relying on a single layer of defense is not enough. A modern fraud prevention strategy requires multiple controls working together to identify, assess, and respond to risk in real time.
Layered security also means monitoring for velocity anomalies, such as rapid access attempts or multiple accounts accessed from the same device. Device intelligence is a key part of this layered approach. When the technology is integrated with adaptive authentication and behavioral analytics, it becomes much harder for fraudsters to evade detection and bypass account security measures.
By analyzing a wide range of browser, device, and network attributes in real time, device intelligence platforms can spot anomalies that may indicate fraudulent activity. For instance, Fingerprint’s platform uses more than 100 signals to generate a unique visitor ID for each user that visits your site or app. This identifier remains stable even if cookies are cleared or VPNs are used.
But identification is only the beginning. Through its more than 20 Smart Signals, Fingerprint also provides actionable insights that help stop fraud before it causes harm. By detecting non-human automation, such as browsers running in headless mode or controlled by scripts, Fingerprint can flag suspicious sessions for further review.
For example, we’ve found that high-risk environments, including rooted or jailbroken devices, are often favored by fraudsters looking to bypass security controls. By recognizing these signals, organizations can trigger step-up authentication or additional verification measures when anomalies are detected. This adaptive approach means that even if an attacker manipulates an AI agent, their chances of succeeding in account takeover fraud drop significantly.
Real-time insights are vital. Embedding device intelligence within the authentication flow enables organizations to respond instantly to new threats, protecting both users and business assets. The ability to spot tampered browsers, detect VPN usage, or identify rapid changes in device behavior gives organizations a decisive advantage against evolving attack methods.
Moving forward: How to secure your organization against new AI-powered risks
The Comet findings are a reminder for all businesses: AI-driven tools are evolving fast, and the time to re-evaluate and implement more effective fraud prevention strategies is now. To better protect customers and company proprietary data, organizations need to prioritize layered fraud prevention strategies that include device intelligence at their core.
If you’re looking to strengthen your defenses against AI-driven attacks, our team is ready to help you explore how device intelligence can fit into your fraud prevention strategy. Learn more about how Fingerprint’s approach can help you detect AI agents and prevent ATO by scheduling a personalized demo.
