The Comet web browser had a major security vulnerability


Comet, the new web browser from Perplexity, recently suffered from a significant security vulnerability, according to a blog post last week from Brave, a competing web browser company. The vulnerability has since been fixed, but it points to the challenges of incorporating large language models into web browsers.

Unlike traditional web browsers, Comet has a built-in AI assistant. This assistant can scan the page you are looking at, summarize its content or perform tasks for you. The problem is that Comet’s AI assistant is built on the same technology as other AI chatbots, such as ChatGPT.

AI chatbots cannot think and reason the way people can, and if they read content crafted to manipulate their output, they can end up following through on it. This is known as prompt injection.

(Disclosure: Ziff Davis, CNET’s parent company, in April filed a lawsuit against OpenAI, alleging it infringed Ziff Davis copyrights in training and operating its AI systems.)

A representative for Brave did not immediately respond to a request for comment.

AI companies try to mitigate the manipulation of AI chatbots, but it can be tricky, because bad actors are always looking for new ways to break through protections.

“This vulnerability is fixed,” Jesse Dwyer, Perplexity’s head of communications, said in a statement. “We have a pretty robust bounty program, and we worked directly with Brave to identify and fix it.”

A test using hidden text on Reddit

In its test, Brave set up a Reddit page with text that was invisible on the screen and asked Comet to summarize the on-screen content. As the AI processed the page’s content, it could not distinguish the malicious instructions from the rest and began feeding Brave’s testers sensitive information.

In this case, the hidden text led Comet’s AI assistant to navigate to the user’s Perplexity account, extract the associated email address and go to a Gmail account. The AI agent was essentially acting as the real user, which means that traditional security methods did not work.

Brave warns that this type of prompt injection can go further, accessing bank accounts, corporate systems, private emails and other services.

Brave’s senior mobile security engineer, Artem Chaikin, and its VP of privacy and security, Shivan Kaul Sahib, laid out a list of possible fixes. First, AI web browsers should always treat page content as untrusted. AI models should check to ensure that they are following the user’s intent. The model should always double-check with the user to ensure that interactions are correct, and agentic browsing mode should only be turned on when the user wants it.
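
The fixes listed above, sketched as an added example that is not code from the article, Brave or Perplexity: page text is passed to the model as labelled data, and every action the model proposes is reviewed against what the user asked for. The session fields, action types and `.example` hosts are assumptions made for illustration.

```javascript
// Added example; every name here is hypothetical, not Comet or Brave code.

// Page text travels in its own field, labelled as data. It is never
// concatenated into the instruction the model is asked to follow.
function buildRequest(userInstruction, pageText) {
  return {
    instruction: userInstruction, // trusted: typed by the user
    untrusted: { kind: "page_content", text: pageText }, // data only
  };
}

// Action types that only read the page the user is already on.
const READ_ONLY = new Set(["summarize", "extract_text"]);

// Decide what happens to an action the model proposes after reading a page.
function reviewAction(session, action) {
  const target = new URL(action.url).origin;
  const current = new URL(session.pageUrl).origin;
  if (READ_ONLY.has(action.type) && target === current) return "allow";
  // Agentic browsing has to be switched on by the user, never by a page.
  if (!session.agenticModeEnabledByUser) return "block";
  // Intent check: the user's task fixes which origins may be touched.
  if (!session.taskOrigins.includes(target)) return "block";
  // In-scope actions that change state are still confirmed with the user.
  return "confirm";
}

// Constructed scenario: the user only asked for a summary of a forum thread.
const summarySession = {
  pageUrl: "https://forum.example/thread/1",
  agenticModeEnabledByUser: false,
  taskOrigins: [],
};
// Constructed scenario: the user asked the agent to act on shop.example.
const shoppingSession = {
  pageUrl: "https://shop.example/cart",
  agenticModeEnabledByUser: true,
  taskOrigins: ["https://shop.example"],
};

function demo() {
  const act = (type, url) => ({ type, url });
  return [
    reviewAction(summarySession, act("summarize", summarySession.pageUrl)),
    reviewAction(summarySession, act("navigate", "https://account.example/settings")),
    reviewAction(shoppingSession, act("navigate", "https://mail.example/inbox")),
    reviewAction(shoppingSession, act("click", "https://shop.example/checkout")),
  ];
}

console.log(demo().join(", ")); // allow, block, block, confirm
```

A request that arrives while the user only wanted a summary never reaches another origin, whatever the page text says, because the decision depends on the session state the user set and not on anything the model read.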

Brave’s blog post is the first in a series on the challenges facing AI web browsers. Brave also has an AI assistant, Leo, embedded in its browser.

AI is increasingly being embedded in all parts of technology, from Google searches to toothbrushes. Although having an AI assistant is useful, these new technologies come with different security vulnerabilities.

In the past, hackers needed to be expert coders to break into systems. When dealing with AI, however, it is possible to use natural language to get past built-in protections.

Also, because many companies rely on the major AI models, such as those from OpenAI, Google and Meta, any vulnerabilities in these systems can extend to the companies that use those same models. AI companies are not open about these types of security vulnerabilities, as that could tip off hackers, giving them new avenues to exploit.




