Trail of Bits Blog
Follow
Using threat modeling and prompt injection to audit Comet
Perplexity hired Trail of Bits to test the security of their Comet browser's AI-powered features before launch. They employed adversarial testing using their TRAIL threat model, focusing on prompt injection vulnerabilities. Four prompt injection techniques were discovered that could extract user emails from Gmail. These techniques highlighted risks when AI agents treat external content as trusted input. Trail of Bits outlined five security recommendations for companies building AI-powered products. The Comet browser assistant, interacting within web pages, accesses information and interacts with the browser. The report identified two primary trust zones: the user's machine and Perplexity's servers. The identified exploits aimed to steal user emails by exploiting the AI summarizing functionality. The effectiveness was enhanced when combined and used different techniques such as fake security measures. The testing approach emphasizes the importance of understanding AI-specific attack vectors.
