HashJack – Novel Indirect Prompt Injection Against AI Browser Assistants
Source: https://www.catonetworks.com/blog/cat...
HashJack is a newly discovered indirect prompt injection technique that conceals malicious instructions after the # in legitimate URLs. When AI browsers send the full URL (including the fragment) to their AI assistants, those hidden prompts get executed. This enables threat actors to conduct a variety of malicious activities. Cato CTRL’s findings outline six scenarios including callback phishing, data exfiltration (in agentic modes), misinformation, malware guidance, medical harm, and credential theft.
#HashJack #AISecurity #PromptInjection #IndirectPromptInjection #BrowserSecurity #AIAssistants #LLMSecurity #CyberSecurity #GenAI #Perplexity #MicrosoftCopilot #GoogleGemini #SecurityResearch #RedTeam #BlueTeam #AppSec #ThreatResearch #Phishing #CallbackPhishing #DataExfiltration
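A defensive sketch for the behaviour described above, added here as an example and not taken from the Cato CTRL write-up or from any browser vendor's code: the component that builds the assistant's context drops the fragment from the page URL and flags fragments that decode to prose instead of a short anchor. The function names, thresholds and sample URLs are assumptions made for illustration.

```javascript
// Added example (hypothetical names and thresholds, not a vendor API).
// Idea: the fragment never reaches the server, so the assistant does not
// need it; remove it and record whether it looked like free text.
const MAX_ANCHOR_LENGTH = 64; // assumed: real anchors are short tokens
const MAX_ANCHOR_WORDS = 3;   // assumed: real anchors are rarely sentences

function decodeFragment(hash) {
  const raw = hash.startsWith("#") ? hash.slice(1) : hash;
  try {
    return decodeURIComponent(raw.replace(/\+/g, " "));
  } catch {
    return raw; // malformed percent-encoding: inspect the raw text instead
  }
}

function inspectFragment(hash) {
  const text = decodeFragment(hash).trim();
  const words = text.split(/\s+/).filter(Boolean);
  const reasons = [];
  if (text.length > MAX_ANCHOR_LENGTH) reasons.push("long-fragment");
  if (words.length > MAX_ANCHOR_WORDS) reasons.push("multi-word-fragment");
  return { present: text.length > 0, suspicious: reasons.length > 0, reasons };
}

// Returns the URL that is safe to place in the assistant's context,
// plus a report a caller can log or surface to the user.
function urlForAssistant(pageUrl) {
  const url = new URL(pageUrl);
  const report = inspectFragment(url.hash);
  url.hash = ""; // clears the fragment and the "#" itself
  return {
    contextUrl: url.toString(),
    fragmentDropped: report.present,
    suspicious: report.suspicious,
    reasons: report.reasons,
  };
}

// Constructed sample inputs (example.com is a reserved documentation domain).
const SAMPLE_ANCHOR = "https://example.com/docs/setup#installation";
const SAMPLE_PROSE =
  "https://example.com/support#this%20is%20constructed%20prose%20standing%20in%20for%20hidden%20instructions";

for (const sample of [SAMPLE_ANCHOR, SAMPLE_PROSE]) {
  console.log(urlForAssistant(sample));
}
```

The word-count and length checks are only a logging signal; the protective step is that `contextUrl` never carries the fragment.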