Using Images To Trick LLMs

Talking about things getting weird—you can take an image or screenshot that contains information invisible to the human eye but still read by the model, upload it to an LLM of your choice (particularly the new breed of AI-powered browsers), and trigger a prompt injection attack. At this point, you ought to be truly careful when using LLMs, especially if you are exposing them to the outside world (e.g., if your business offers an AI-based chatbot).

What we’ve found confirms our initial concerns: indirect prompt injection is not an isolated issue, but a systemic challenge facing the entire category of AI-powered browsers. […]

As we’ve written before, AI-powered browsers that can take actions on your behalf are powerful yet extremely risky. If you’re signed into sensitive accounts like your bank or your email provider in your browser, simply summarizing a Reddit post could result in an attacker being able to steal money or your private data.

Unseeable prompt injections in screenshots: more vulnerabilities in Comet and other AI browsers

Pascal Finette @radical
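A defender-side pre-check for the hidden-text-in-screenshots problem described above, written as an added example (not code from the original post, nor from Brave's research or any AI browser). It assumes one common way of hiding text: writing it in a colour that differs from the background by only a few intensity levels, so a person sees blank space while an OCR step or vision model still reads it. The image is modelled as rows of (r, g, b) tuples so the code runs offline; with a real screenshot you would build that list from a library such as Pillow. The thresholds and helper names are hypothetical starting points, not tuned values.

```python
# Added example (not from the original post or Brave's research): flag, and
# optionally flatten, near-invisible pixels in a screenshot before it is
# handed to a vision-capable LLM.  Assumption: the payload is drawn in a
# colour within a few levels of the background.  Image = rows of (r, g, b).
from collections import Counter
from typing import Dict, List, Optional, Tuple

Pixel = Tuple[int, int, int]
Image = List[List[Pixel]]


def background_color(img: Image) -> Pixel:
    """Most frequent pixel value; a reasonable stand-in for the page background."""
    return Counter(p for row in img for p in row).most_common(1)[0][0]


def channel_delta(a: Pixel, b: Pixel) -> int:
    """Largest per-channel difference between two pixels (0 means identical)."""
    return max(abs(x - y) for x, y in zip(a, b))


def low_contrast_pixels(img: Image, max_delta: int = 8) -> List[Tuple[int, int]]:
    """(x, y) of pixels that differ from the background by a tiny amount:
    not identical to it, but within max_delta on every channel.
    A human will not notice these; a model reading the image may."""
    bg = background_color(img)
    return [
        (x, y)
        for y, row in enumerate(img)
        for x, p in enumerate(row)
        if 0 < channel_delta(p, bg) <= max_delta
    ]


def hidden_content_report(img: Image, max_delta: int = 8, min_pixels: int = 20) -> Dict:
    """Summarise how much near-invisible content the image carries.
    `suspicious` is True when at least min_pixels such pixels exist
    (min_pixels is a hypothetical threshold; tune it per deployment)."""
    hits = low_contrast_pixels(img, max_delta)
    total = sum(len(row) for row in img)
    bbox: Optional[Tuple[int, int, int, int]] = None
    if hits:
        xs = [x for x, _ in hits]
        ys = [y for _, y in hits]
        bbox = (min(xs), min(ys), max(xs), max(ys))
    return {
        "low_contrast_pixels": len(hits),
        "fraction": len(hits) / total if total else 0.0,
        "bbox": bbox,
        "suspicious": len(hits) >= min_pixels,
    }


def flatten_low_contrast(img: Image, max_delta: int = 8) -> Image:
    """Sanitise: snap near-background pixels to the background colour so the
    hidden payload is gone before the screenshot reaches the model.
    Visible content (large delta) is left untouched."""
    bg = background_color(img)
    return [
        [bg if 0 < channel_delta(p, bg) <= max_delta else p for p in row]
        for row in img
    ]


def make_sample_screenshot(hidden: bool = True) -> Image:
    """Constructed sample: a 40x20 white 'page' with a 5x2 block of black
    (visible) pixels and, when hidden=True, a 10x3 block of off-white pixels
    standing in for text a person cannot see."""
    white, black, off_white = (255, 255, 255), (0, 0, 0), (250, 250, 250)
    img = [[white] * 40 for _ in range(20)]
    for y in range(2, 4):          # visible content
        for x in range(3, 8):
            img[y][x] = black
    if hidden:
        for y in range(15, 18):    # hidden payload
            for x in range(20, 30):
                img[y][x] = off_white
    return img


if __name__ == "__main__":
    shot = make_sample_screenshot()
    print(hidden_content_report(shot))                         # suspicious
    print(hidden_content_report(flatten_low_contrast(shot)))   # clean
```

On the constructed sample the report finds the 30 off-white pixels, reports their bounding box, and marks the image suspicious; after flattening, the same check finds nothing. The check is a heuristic for one hiding technique only, so treat a clean result as "nothing obvious", not as proof the screenshot is safe, and keep the model's permissions over signed-in accounts minimal regardless.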