[Research: Systemic 'Indirect Prompt Injection' Risks in AI Browsers] According to simonwillison.net, research indicates that AI browsers face systemic 'indirect prompt injection' risks. The Brave team demonstrated that Perplexity's Comet can be induced by invisible commands embedded in screenshots to automatically access account details and externally leak data. Fellou browser poses an even greater risk, as page text can prompt it to open Gmail and send the latest email subject lines to external sites. Both cases can be executed without user confirmation, involving email and financial security. Brave has not clarified whether these vulnerabilities have been patched by the developers. OpenAI's Chief Information Security Officer Dane Stuckey published a detailed article disclosing ChatGPT Atlas agent's defenses against prompt injection: through red team testing, training rewards to ignore malicious commands, layered security barriers, and attack detection mechanisms. He proposed a 'defense in depth' approach while acknowledging that prompt injection remains an unresolved frontier issue.