Research: AI browsers pose a systemic risk of "indirect prompt injection"

The Brave team demonstrated that Perplexity's Comet can be tricked into using invisible instructions embedded in screenshots, automatically accessing account details and leaking data through external links; the Fellou browser is even more serious, as the page text can trick it into opening Gmail and sending the latest email headers to external sites.