Sign up to save your podcasts
Or
Share ChatGPT Atlas and Perplexity Comet Are Already Getting Hijacked
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
ChatGPT Atlas and Perplexity Comet Are Already Getting Hijacked
AI browsers like ChatGPT Atlas and Perplexity Comet are being hijacked by instructions hidden inside ordinary webpages. You never have to click anything for it to happen. Juan and Kate walk through how prompt injection works, why the first generation of AI agents can't be patched out of this problem, and what it actually costs you to hand your browsing over to a bot.
They cover the resume trick going viral right now: white text keywords at the bottom of your CV that humans can't see but bots score highly. They cover how a single meta tag on a shopping site can override your agent's instructions and push a product you never asked for. And they get into why indirect prompt injection — malicious instructions buried in HTML, CSS, PDFs, or metadata — is so much harder to fix than direct jailbreaking. The difference matters: direct injection is you manipulating the model, indirect is someone else manipulating your agent while it browses on your behalf.
Juan and Kate keep returning to one question: how much security are you willing to trade for an agent that handles your calendar, your shopping, and your browsing? The security measures are whack-a-mole. So who's responsible when your agent gets redirected and your bank account gets drained?
ABOUT SLOP WORLDAI news with receipts. Juan Faisal and Kate Cook fact-check the claims Big Tech is making about AI, follow the money, and break down what it actually means for your job, your data, and your daily life. From leaked data and corporate cover-ups to AI schools, stolen identities, and layoff headlines that don't add up, we cover the AI stories that everyone's hyping but nobody's verifying. New episodes every Thursday.
DISCLAIMERAll content is commentary and opinion based on publicly available documents, interviews, and verifiable sources. References to "scams," "grifts," or related terms reflect our editorial opinion, not legal conclusions. Anyone featured who believes a statement is inaccurate may contact us.
CHAPTERS
00:00 - Why AI Browsers Like Atlas and Comet Are a Security Risk00:50 - Invisible Instructions Hijacking Your AI Agent01:51 - Prompt Injection Explained for Beginners02:39 - The Hack That Exposes AI Browser Weaknesses03:40 - The Resume Hack: Watch Your Data Get Stolen04:43 - Phishing Attack Using Simple Meta Tags05:20 - Hidden Malicious Prompts in Metadata and PDFs06:00 - Direct Injection: Forcing Models Past Guardrails06:41 - Indirect Injection: Embedded Instructions for Agents07:22 - We're Playing With Fire: AI Browser Security Is a Mess09:03 - Why AI Agents Get Manipulated So Easily12:55 - ChatGPT Atlas and Perplexity Comet: Can We Trust These Browsers?14:13 - What Is Your Cost of Convenience? The Risks of AI Automation16:01 - Why First-Gen AI Agents Will Always Be Flawed
View all episodes
By Juan Faisal / Kate CookAI browsers like ChatGPT Atlas and Perplexity Comet are being hijacked by instructions hidden inside ordinary webpages. You never have to click anything for it to happen. Juan and Kate walk through how prompt injection works, why the first generation of AI agents can't be patched out of this problem, and what it actually costs you to hand your browsing over to a bot.
They cover the resume trick going viral right now: white text keywords at the bottom of your CV that humans can't see but bots score highly. They cover how a single meta tag on a shopping site can override your agent's instructions and push a product you never asked for. And they get into why indirect prompt injection — malicious instructions buried in HTML, CSS, PDFs, or metadata — is so much harder to fix than direct jailbreaking. The difference matters: direct injection is you manipulating the model, indirect is someone else manipulating your agent while it browses on your behalf.
Juan and Kate keep returning to one question: how much security are you willing to trade for an agent that handles your calendar, your shopping, and your browsing? The security measures are whack-a-mole. So who's responsible when your agent gets redirected and your bank account gets drained?
ABOUT SLOP WORLDAI news with receipts. Juan Faisal and Kate Cook fact-check the claims Big Tech is making about AI, follow the money, and break down what it actually means for your job, your data, and your daily life. From leaked data and corporate cover-ups to AI schools, stolen identities, and layoff headlines that don't add up, we cover the AI stories that everyone's hyping but nobody's verifying. New episodes every Thursday.
DISCLAIMERAll content is commentary and opinion based on publicly available documents, interviews, and verifiable sources. References to "scams," "grifts," or related terms reflect our editorial opinion, not legal conclusions. Anyone featured who believes a statement is inaccurate may contact us.
CHAPTERS
00:00 - Why AI Browsers Like Atlas and Comet Are a Security Risk00:50 - Invisible Instructions Hijacking Your AI Agent01:51 - Prompt Injection Explained for Beginners02:39 - The Hack That Exposes AI Browser Weaknesses03:40 - The Resume Hack: Watch Your Data Get Stolen04:43 - Phishing Attack Using Simple Meta Tags05:20 - Hidden Malicious Prompts in Metadata and PDFs06:00 - Direct Injection: Forcing Models Past Guardrails06:41 - Indirect Injection: Embedded Instructions for Agents07:22 - We're Playing With Fire: AI Browser Security Is a Mess09:03 - Why AI Agents Get Manipulated So Easily12:55 - ChatGPT Atlas and Perplexity Comet: Can We Trust These Browsers?14:13 - What Is Your Cost of Convenience? The Risks of AI Automation16:01 - Why First-Gen AI Agents Will Always Be Flawed