Brave Browser Research and Security Team Identifies and Reports More Security and Privacy Challenges Facing AI Browsers

By Cje95 | Congress and Crypto | 28 Oct 2025

One of the best things about the Brave Browser is the sheer amount of research that they not only do behind the scenes, rolling out new products, but the research that they publish. Just a couple of days ago they published a blog post that highlights something that a believe a majority of people are not aware of. The significant deficiencies facing AI powered browsers. 

 

With the release of OpenAI's Atlas web browser earlier this week attention has grown on these new web browsers for the features that they integrate into the browser. However, these features can cut both ways especially if you are signing into sensitive accounts like your bank or even just an email provider. The researchers working at Brave have identified a security flaw that is systemic challenge facing the entire category of AI-powered browsers... indirect prompt injection.

 

What is indirect prompt injection?

It is a security vulnerability where an attacker embeds malicious instructions in external content (like a website, document, or email) that an AI system reads, causing the AI to follow those hidden instructions rather than serving the user's interests. 

This type of attack could come from a whole host of things from emails to webpages to documents. You would have no idea that it was occurring which is what makes it so hard to not only detect but defend against. 

 

When the Brave Team first discovered and disclosed this finding on Perplexity's Comet browser they had a hunch this would be an issue going forward with these web browsers. For Perplexity their browser lets users take screenshots on websites and ask questions about those imagines and this allows the text within the image to be processed as commands rather than untrusted content. Due to this the browser and AI all it into the LLM and the commands can then instruct the AI to use it browser tools. 

 

This was confirmed when they tested the next one Fellou. Fellou did has some resistance to hidden instruction attacks but the flaw at its core was still the same. It treated visible webpage content as trusted input to its LLM allowing for the same thing that happened with Perplexity's browser to occur here. 

 

In both cases once discovered Brave reported the issue to Perplexity and Fellou immediately and then waited a few weeks before making the issue public. The issue facing these browsers is complex and not one with any sort of easy solution. Boundaries between trusted user inputs and untrusted web content can easily be exploited thus leading to the hijacking of the browser assistant. How this eventually will get addressed will be very interesting because it isnt like you can just strengthen the boundary directly because if you are asking it to read a text or something along those lines and you cannot see the attack input the results will still be the same. I hope to see Brave's team test out Atlas soon and hopefully within the next few weeks we can get results on how it performed. 

 

 

 

 

Please know I am not a financial advisor and make sure you do your own research! If you enjoyed this article and would like to support me further below are a few referral links that if you used when signing up I would appreciate it! Also, follow me on X here 

 

GoMining

With BTC’s rise and #Uptober in full swing for $25 you can get involved actually get involved in BTC mining and it isnt the cloud mining scams of past. GoMining's partners include Binance, Bitmain, and the Bitcoin Mining Council in the effort to allow all to participate! Want to join in on the fun?!?!       Here you go

 

Fold App

If you are interested in getting a debit OR soon to be released credit card that pays you back in BTC Fold is the place to go! If you sign up with my referral link here once you make your first purchase with the card you get $10 worth of sats as a bonus!    

 

Stacker News

Earn Sats on your posts on Stacker News with my referral link here

 

Robinhood

Robinhood is offering an excellent signup deal if you use my link here where we will both be awarded free stock. All that you have to do is sign up and connect your bank account for the award! With commission-free crypto trading and the ability to set limit orders, it is a great hybrid offering in my opinion! Not to forget the addition of wallets and the ability to send and receive crypto!

 

Unstoppable Domains

Sign up using my link here and get a free $10 credit towards

Resources

  1. https://brave.com/blog/unseeable-prompt-injections/
Brave Browser Artificial Intelligence Privacy security

How do you rate this article?

21
Cje95
Cje95

Graduated from Texas A&M in May of 2020 had dabbled in crypto since 2017 but dove in at the end of 2019. December of 2020 packed up and moved to D.C.! Huge sports fan, space nerd, and international newsreader! Follow me on Twitter @Cje95_

Congress and Crypto
Congress and Crypto

News and updates on all of the latest Congressional hearings, legislation, rumors, and more!

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.
Wealth Transfer and Cryptocurrencies ... Wealth Transfer and Cryptocurrencies ...
Nas.A

Nas.A

7 hours ago
2 minute read

Why Did Someone Burn 107 BTC ($8 Million)? The Hypotheses Why Did Someone Burn 107 BTC ($8 Million)? The Hypotheses
☑️0🆇D̺͈͙͕̿ͧ̑ͣ🅰🆅🅸🅳eͤ

☑️0🆇D̺͈͙͕̿ͧ̑ͣ🅰🆅🅸🅳eͤ

2 Jun 2026
2 minute read

The DAILY SNAP Zone 024 - Scarlet Witch The DAILY SNAP Zone 024 - Scarlet Witch
Seven-NATE-Nine

Seven-NATE-Nine

23 hours ago
8 minute read