Technology
AI Browser Steals Data
In this episode of Cybersecurity Today, host David Chipley discusses alarming cybersecurity issues, including a new vulnerability in an AI-powered browser that can turn it into a data thief with just ...
AI Browser Steals Data
Technology •
0:00 / 0:00
Interactive Transcript
spk_0
AI powered browser turned into data thief.
spk_0
Discord discloses data breach.
spk_0
Huge surge in scans targeting Palo Alto devices
spk_0
and US military told to stop doing cyber security training.
spk_0
This is Cybersecurity Today and I'm your host, David Chipley.
spk_0
Finally back home in Ferderton after 30 days of travel with 15 flights,
spk_0
five time zones, two oceans, two seas, one great lake,
spk_0
and amazingly no lost luggage.
spk_0
A new security flaw has been uncovered in perplexity's
spk_0
comment AI browser and it only takes a single click
spk_0
to turn the tool from helpful assistant into data thief.
spk_0
Researchers at LaRex are calling the attack comment jacking.
spk_0
It works by hiding malicious prompts inside a seemingly harmless link.
spk_0
When a victim clicks a link in a phishing email or embedded on a web page,
spk_0
the browser's AI co-pilot is quietly hijacked.
spk_0
Here's what happens.
spk_0
Instead of taking the user to the site they expected,
spk_0
the crafted URL instructs comments AI to consult the memory
spk_0
and run a hidden prompt.
spk_0
That prompt can grab data from connected services like Gmail or Counter,
spk_0
encode it with simple base 64 tricks to evade detection
spk_0
and then send it off to an attacker's server.
spk_0
No need for stolen passwords because the browser already has legitimate access.
spk_0
Researchers describe it this way.
spk_0
A single, weaponized URL can quietly flip in the
spk_0
AI browser from a trusted co-pilot to an insider threat.
spk_0
Perplexity for its part has downplayed the findings
spk_0
and saying they have, quote, no security impact.
spk_0
But the research highlights a much bigger issue.
spk_0
AI native tools introduce new risks.
spk_0
They can bypass traditional defenses and when hijacked,
spk_0
they can act as an insider with the keys already in hand.
spk_0
This story highlights the desperate need to separate
spk_0
agentec AI access from legitimate access granted to human users.
spk_0
This isn't the first time AI browsers have shown such weaknesses.
spk_0
Pack five years ago in 2020,
spk_0
Guardio Lab disclosed scam Lexity and a hack that tricked AI powered browsers
spk_0
into interacting with phishing pages or fake e-commerce sites.
spk_0
Layer X warns that AI browsers may become the next enterprise battleground.
spk_0
If your enterprise is so foolhardy as to deploy them right now,
spk_0
not something I would recommend.
spk_0
If attackers can direct your AI assistant simply by sending a link,
spk_0
the browser itself becomes a command and control hub inside your network.
spk_0
The call from researchers here is clear.
spk_0
These tools need security built in from day one
spk_0
to make sure that agent prompts and memory access can't be hijacked.
spk_0
And for everyone else, it's a reminder that in the age of AI,
spk_0
sometimes the most dangerous thing you can do online
spk_0
is still the oldest trick in the book, clicking a bad link.
spk_0
And sometimes the only defense for organizations
spk_0
is making sure we educate people to think critically about what they're accessing.
spk_0
Discord has disclosed a data bridge after hackers stole
spk_0
support tickets from a third-party customer service provider.
spk_0
The attack happened on September 20th and affected a limited number of users
spk_0
who had interacted with Discord support or trust and safety teams.
spk_0
While the company isn't giving exact numbers, the impact could be serious.
spk_0
The stolen data includes real names, user names, email addresses, IP addresses,
spk_0
and even photos of government-issued IDs like drivers licenses or passports for some users.
spk_0
Partial billing details were also exposed,
spk_0
such as payment types, the last four pages of credit cards, and purchase history.
spk_0
The bridge appears financially motivated.
spk_0
hackers demanded a ransom in exchange for not leaking the information.
spk_0
Security researchers note this type of data stolen,
spk_0
amounts to quote literally people's entire identity, end quote, in some cases.
spk_0
Discord says it moved quickly once the attack was discovered,
spk_0
revoking the provider's access, launching an internal investigation,
spk_0
and bringing in forensic experts, as well as contacting law enforcement.
spk_0
The company also confirmed that the intrusion took place through a third-party support system,
spk_0
later identified as Zendesk.
spk_0
Adding to the intrigue, the scattered lapses hunter group sometimes linked to other high-profile
spk_0
breaches at first claimed responsibility before backtracking and pointing the finger at another
spk_0
group that they quote, interact with. For context, Discord is used by more than 200 million
spk_0
people each month, with gamers still making up the bulk of the community, but usage is expanding
spk_0
into all kinds of groups and industries. The scale means even a limited breach can be significant.
spk_0
Security experts also pointed out another interesting consequence.
spk_0
If the stolen data is ever linked, it could provide investigators with valuable breadcrumbs about
spk_0
scammers. Many scammers rely on Discord for coordination, but don't always cover their tracks perfectly.
spk_0
And one research noted, if this database leaks, it could actually be helpful for cyber defenders
spk_0
and for police in investigating crypto hacks and scams. There's a little bit of irony there.
spk_0
The bigger picture here is clear. Supply chain risk continued to be one of the hardest problems
spk_0
in cybersecurity. Discord was not directly breached, but a key provider was. And when customer
spk_0
service systems hold everything from billing details to government ID scans, why? A compromise there
spk_0
can feel just as bad as a direct hit. So while the investigation continues, it's a reminder that
spk_0
the weakest link isn't always the platform itself. Sometimes it's the partner holding the keys
spk_0
to your support inbox. Uh oh. Cybersecurity researchers are warning, but a massive surge they're seeing in
spk_0
scans targeting Palo Alto Network's login portals. According to grainways, there's been a 500% increase
spk_0
in suspicious IP addresses focused on Palo Alto's global protect and panOS profiles. Normally, daily
spk_0
scans don't exceed 200 unique IP addresses, but on October 3rd, researchers observed more than 1200
spk_0
IPs engaged in this activity. Most of those IPs were traced to the United States with smaller
spk_0
clusters in the UK, the Netherlands, Canada, and Russia. Grainway says two major clusters stood out.
spk_0
One directed its scans at US targets and the other aimed at Pakistan. Each group had distinct
spk_0
TLS fingerprints, but with some overlap. Overall, 91% of the activity was classified as suspicious,
spk_0
with another 7% deemed outright malicious. Nearly all the scans hit grain noises emulated
spk_0
Palo Alto devices, which suggests targeted reconnaissance, likely drawing from public tools like
spk_0
Shodan or Census, or attacker-driven scans. This kind of activity often points to attackers for
spk_0
pairing for exploitation. Grainways has noted that in the past, scans' bikes against
spk_0
products like Cisco ASA were followed by disclosures of vulnerability and exploitation of zero-day
spk_0
vulnerabilities. In this case, however, researchers cautioned the link between the scans and a new
spk_0
exploit may be weaker. Palo Alto Networks responded to the report, saying it has found no evidence of
spk_0
compromise and that its infrastructure is protected by its Cortex platform. The company says the
spk_0
platform stops 1.5 million new attacks daily and distills 36 billion events down to the most
spk_0
critical threats. Bottom line here, there's no confirmed exploit yet, but like a good weather forecast,
spk_0
it's good to pay attention to this. A five-fold jump in reconnaissance is really good news.
spk_0
When attackers are rattling the doors this loudly, it's not because they're doing it just for fun.
spk_0
The U.S. Department of Defense is dialing back cyber security training. A newly circulated
spk_0
memo says the department wants to quote, enable war fighters to focus on their core mission end
spk_0
quote, which as the memo puts it, is fighting and winning wars. To that end, mandatory cyber security
spk_0
training will be consolidated, reduced in frequency, or eliminated altogether. That includes
spk_0
cutting back on controlled, unclassified information training, and removing privacy act training
spk_0
from the common list. The memo also encourages military branches to automate information management
spk_0
systems to reduce the need for human training. In other words, let the machines handle it.
spk_0
I guess that's one way to make signal gate a non-issue in the future. Picture no one even knows
spk_0
why that was such a terrible idea in the first place. Let me say this once and make sure I say
spk_0
it loudly for the kids at the back of the class. If technology tools alone could protect us from
spk_0
cyber threats, they would have done it by now, were over 30 years into this. They can't. You need
spk_0
people and technology working together, now more than ever. The Department of Defense move
spk_0
comes a cyber attacks against the US military branches and contractors, continue to mount.
spk_0
The Air Force is still investigating a breach believed to be linked to Chinese threat actors,
spk_0
and at the same time the Pentagon has just introduced stricter cyber security rules for contractors,
spk_0
requiring different compliance levels based on sensitivity of the data they handle.
spk_0
So, contractors are being told to step up, while soldiers, sailors, and airmen are being told
spk_0
to step back. I'm sure Russia, China, North Korea, and others are thrilled with this announcement.
spk_0
Defense Secretary Pete Hegseth argues the change will keep troops focused on war-fighting skills.
spk_0
But in monitoring conflicts, cyber and kinetic warfare are increasingly intertwined. Or to put it
spk_0
another way, you can be the fittest soldier with the sharpest shooting skills in the world,
spk_0
but it won't matter much if someone just hacked the systems controlling your communications gear,
spk_0
or if they already know your plan because they've been reading your mission briefings.
spk_0
Those are your updates for Monday, October 6th. Happy Cybersecurity Awareness Month
spk_0
were always interested in your opinion. Contact us at technewsday.com or leave a comment under the YouTube
spk_0
video. Please help us spread the word about the show. Like, subscribe, consider leaving a review,
spk_0
and if you enjoy the show, please tell others. We'd love to grow our audience and we need your help.
spk_0
I'd been your host, David Chipley. Jim Love will be back on Wednesday.