Welcome back to In the Loop, TIME’s new twice-weekly newsletter about AI.
What to Know: The Perils of AI Browsers
Last week, Perplexity announced that its AI-powered browser, called Comet, would be made free for all users after previously requiring a paid subscription. Comet is a new kind of browser, containing an integrated AI chatbot that can surf the web on your behalf, plus carry out autonomous actions like making purchases, sending emails, or creating calendar events.
There’s just one problem. Comet’s internal AI could until recently be hijacked by malicious links, which caused the browser to siphon personal information from connected services like Gmail and send it to mock attackers, according to new research by the cybersecurity firm LayerX. It’s a sign that even as AI-powered browsers might make users more productive, they can also introduce new vulnerabilities.
The attack — LayerX discovered a vulnerability called “CometJacking,” in which a malicious prompt to the browser’s AI is hidden within a URL. When the user clicks that link, the browser mistakes the malicious prompt for an instruction from the user—and begins carrying it out. In LayerX’s example, the mock attacker manages to get Comet to extract data from the user’s email and calendar accounts. While Comet has safeguards against data theft, the attacker was able to bypass them by instructing the AI to encode the stolen information in base64 (a reversible encoding that makes it look like harmless text) before sending it to a remote server under their control.
A sign of things to come — Today, Google Chrome is by far the most popular browser. But some believe a new “browser war” may soon arrive, fueled by new entrants like Perplexity’s Comet. (OpenAI is also believed to be working on its own AI-powered browser, although it has not released it yet.) But as browser creators rush to add AI features, they may also be adding new classes of vulnerability, says Or Eshed, LayerX’s CEO. We may be about to enter “a world in which browsing becomes riskier,” Eshed says. “We’ll see old kinds of attacks that have gone nearly extinct coming back, or even new kinds of attacks like the one that we just discovered.”
Perplexity’s response — When LayerX informed Perplexity of the vulnerability last month, the company “replied that it could not identify any security impact,” LayerX wrote in a blog post. But in a statement to TIME, a Perplexity spokesperson said that LayerX’s bug report had been poorly worded, that it had not responded to requests for clarification, and that Perplexity “later identified the issue independently and patched it.” The spokesperson said the vulnerability was never exploited, and continued: “We are grateful to the security community that participates in our thriving bounty program, and we’re working to ensure these types of miscommunication do not occur in the future.”
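To illustrate the base64 bypass described under “The attack” above, here is an added example (not code from TIME, LayerX or Perplexity) showing why a guard that only inspects outbound text as sent misses encoded data, and how decoding base64-looking runs before scanning closes that gap. The patterns, function names and sample data are constructed assumptions; how Comet’s own safeguards work is not described in this newsletter.

```python
import base64
import binascii
import re

# Hypothetical patterns for a plaintext exfiltration guard (assumption, not Comet's rules).
SENSITIVE = [
    re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),                   # e-mail addresses
    re.compile(r"(?i)\b(subject|calendar|meeting|invoice)\b"),  # mail/calendar keywords
]
# Runs of 16+ characters from the standard or URL-safe base64 alphabet.
B64_RUN = re.compile(r"[A-Za-z0-9+/_-]{16,}")


def has_sensitive(text):
    """Naive guard: look for sensitive patterns in the text exactly as sent."""
    return any(p.search(text) for p in SENSITIVE)


def decoded_views(payload):
    """Yield text recovered from base64-looking runs inside the payload."""
    for run in B64_RUN.findall(payload):
        body = run.translate(str.maketrans("-_", "+/"))  # normalise URL-safe alphabet
        body += "=" * (-len(body) % 4)                   # restore stripped padding
        try:
            yield base64.b64decode(body, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue                                     # not base64 text; ignore


def inspect_outbound(payload):
    """Hardened guard: scan the payload and every decoded view of it."""
    if has_sensitive(payload) or any(has_sensitive(v) for v in decoded_views(payload)):
        return "block"
    return "allow"


# Constructed sample data, not taken from the LayerX research.
SECRET = "Subject: Q3 invoice from alice@example.com"
ENCODED_BODY = '{"d": "%s"}' % base64.b64encode(SECRET.encode()).decode()
BENIGN_BODY = '{"q": "weather in Paris tomorrow"}'

if __name__ == "__main__":
    print("naive guard flags encoded body:", has_sensitive(ENCODED_BODY))
    print("hardened guard on encoded body:", inspect_outbound(ENCODED_BODY))
    print("hardened guard on benign body: ", inspect_outbound(BENIGN_BODY))
```

Decoding only one layer is a deliberate simplification; a production check would also bound payload size and handle nested or alternative encodings.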
Who to Know: Lisa Su, AMD CEO
On Monday, chipmaker Advanced Micro Devices (AMD) announced it had struck a multi-billion dollar deal with OpenAI, which would see the ChatGPT maker acquire 6 gigawatts-worth of its latest AI chip over several years—or the equivalent in power consumption of around 4 million U.S. homes. It’s just the latest megadeal for OpenAI, which struck a $100 billion arrangement with Nvidia last month, as it seeks the computing power required to train and run its voracious AI models—including last week’s Sora 2.
When I sat down with Lisa Su last year, she was in the midst of pivoting her company toward building a new type of AI accelerator chip. Her effort seems to have paid off. AMD remains in distant second place to Nvidia in the wider semiconductor industry, but the OpenAI deal is a vote of confidence that AMD chips are suitable for top-line AI workloads. It’s also yet another sign that OpenAI is seeking to reduce its dependence on Nvidia, even as it draws Jensen Huang’s company closer.
OpenAI and AMD did not disclose the dollar value of the deal, although they did say that it gives OpenAI the right to acquire up to 10% of the company. AMD shares jumped some 25% on the news.
AI in Action
A week or so after launching its video-generation app Sora, OpenAI is allowing users more options to restrict how their likenesses appear in videos. Previously, users had the option to either allow or disallow their likeness (called a “cameo” in OpenAI parlance) in Sora videos. Now, users can give instructions like “don’t put me in videos that involve political commentary” or “don’t let me say this word,” according to OpenAI’s head of Sora, Bill Peebles.
What We’re Reading
Breakneck, by Dan Wang
Not an article this time, but a highly readable book that has been doing the rounds about China’s inexorable rise. Dan Wang’s main argument is that China is an engineering state, focused on building at all costs, whereas the U.S. is a lawyerly society, where it is easier to stop things from being built than to build them. The result, as Wang lays out in compelling detail, is that China now has gleaming public infrastructure and a robust manufacturing economy, while the U.S. has built no major public works in decades, and is forgetting its manufacturing know-how. Breakneck raises a sobering question about AI, as the U.S. economy doubles down on the technology: What use is abundant digital intelligence if it arrives into an economy that has forgotten how to apply it?
The post Why AI Browsers Like Perplexity’s Comet Could Make the Web Riskier appeared first on TIME.