Spoofed AI sidebars can trick Atlas, Comet users into dangerous actions www.bleepingcomputer.com/news/secu…

OpenAI’s Atlas and Perplexity’s Comet browsers are vulnerable to attacks that spoof the built-in AI sidebar and can lead users into following malicious instructions.

The AI Sidebar Spoofing attack was devised by researchers at browser security company SquareX and works on the latest versions of the two browsers.

The researchers created three realistic attack scenarios where a threat actor could use AI Sidebar Spoofing to steal cryptocurrency, access a target’s Gmail and Google Drive services, and hijack a device.

Atlas and Comet are agentic AI browsers that integrate large language models (LLMs) into a sidebar for users to interact with while browsing: ask to summarize the current page, execute commands, or perform automated tasks.

SquareX found that in both Comet and Atlas, it is possible to draw a fake sidebar over the genuine one using a malicious extension that injects JavaScript into the web page the user sees.

The fake sidebar would be identical to the one in the agentic browser, creating a deceptive element that appears to be part of the standard user interface. Since the counterfeit overlays the real one and intercepts all interactions, users would be completely unaware of the fraud.