I switched from Chrome to an AI browser and acquired an imperfect glimpse of the long run
Comet is susceptible to LLM exploits
Massive language fashions are susceptible to one thing known as “immediate injections,” which might occur each time the LLM is made to course of and interpret textual content. The issue is that when textual content is fed into an LLM, it isn’t all the time clear whether or not that textual content is from you or elsewhere.
For instance, an LLM may course of and analyze the supply code of an online web page to carry out some sort of activity. However the supply code of an online web page may doubtlessly embrace hidden immediate directions designed to hijack an AI that’s analyzing the supply code. The LLM can’t distinguish the hidden immediate in the supply code from the supply code itself.
In different phrases, that hidden immediate was injected into the supply code, and the AI might be none the wiser. Therefore, immediate injection assault.
Chris Hoffman / Foundry
Safety researchers at Guardio discovered that Comet was susceptible to assaults like this, and that it may very well be tricked into falling for phishing scams whereas on-line procuring. Safety researchers from Courageous additionally discovered that Comet was susceptible to oblique immediate injection assaults. Right here’s the wildest half from Courageous’s weblog put up:
“The vulnerability we’re discussing on this put up lies in how Comet processes webpage content material: when customers ask it to ‘Summarize this webpage,’ Comet feeds part of the webpage on to its LLM with out distinguishing between the consumer’s directions and untrusted content material from the webpage. This permits attackers to embed oblique immediate injection payloads that the AI will execute as instructions.”
Did you catch that? It’s not that Comet’s protections in opposition to immediate injection have been bypassed, however slightly that Comet (in its preliminary launch) didn’t even have immediate injection protections that attempted to tell apart between trusted consumer directions and untrusted net web page knowledge despatched to the AI mannequin (no less than with the summarization perform).
This kind of factor is a recognized drawback with giant language fashions. Whereas Comet now has higher protections in opposition to this, it’s unclear how good these safeguards are. Comet hasn’t been correctly battle-tested.
Different agentic AI looking options—like ChatGPT’s agent mode—work together with web sites by loading these web sites in their very own browser within the cloud aside out of your knowledge. Even when these LLMs are exploited by immediate injection assaults, no less than the injury is considerably restricted.
However when the AI has entry to the whole lot in your browser—as is the case with Perplexity’s Comet—the danger goes up by fairly a bit. From what I can inform, it looks like Perplexity is “shifting quick and breaking issues” whereas rivals are no less than listening to safety earlier than launching.
