Cyber Blog

Cybersecurity experts have uncovered a dangerous new prompt injection method known as PromptFix, designed to fool AI-powered browsers into executing malicious actions—without the user realizing it.

By embedding hidden harmful instructions within a fake CAPTCHA on a webpage, PromptFix manipulates AI browsers like Perplexity’s Comet—tools intended to streamline tasks such as online shopping or email processing—into unknowingly interacting with phishing sites or fraudulent storefronts.

Researchers describe this as an “AI-era take on the ClickFix scam.” Rather than coercing the AI into obedience, attackers exploit its core programming—to help users quickly and completely—making it highly susceptible to deceptive prompts.

They call this new threat landscape Scamlexity—a fusion of “scam” and “complexity”—where AI autonomy and sophisticated social engineering combine to deceive without human awareness.

Fraud Without Human Oversight

In tests, PromptFix prompted Comet to add items to the cart and auto-fill sensitive information using saved credit card and address details—sometimes completing checkout without interruption.

In another scenario, when asked to scan email for action items, Comet autonomously clicked links in spam emails that mimicked legitimate messages, logging into fake sites with user credentials—all behind the scenes.

As researchers noted: “Comet effectively vouched for the phishing page. The human never saw the suspicious sender or hovered over the link.”

What This Means for Users and AI Security

• Hidden Prompts: Attackers can embed malicious instructions invisible to humans but parsed by AI.
• Automated Vulnerability: Agentic AI acting on behalf of users may become a conduit for scams.
• Risk of Credential Theft: These systems can unknowingly expose personal data without user confirmation.