Welcome back to In the Loop, TIME’s recently launched bi-weekly newsletter focusing on artificial intelligence. If you’re currently viewing this in your web browser, consider subscribing to receive the next edition directly in your inbox.
Essential Information: The Dangers of AI Browsers
Last week, Perplexity announced that Comet, its AI-powered browser, would become freely available to all users after previously operating as a paid subscription service. Comet represents a novel type of browser, incorporating an embedded AI chatbot capable of navigating the internet on your behalf, in addition to performing automated tasks such as making purchases, dispatching emails, or scheduling calendar events.
However, there’s a significant issue. Until recently, Comet’s integrated AI could be compromised by malicious links, which allowed the browser to extract personal data from connected services like Gmail and transmit it to simulated attackers, according to new findings by the cybersecurity firm LayerX. This demonstrates that while AI-enabled browsers might boost user productivity, they can concurrently introduce novel vulnerabilities.
The Compromise — LayerX uncovered a vulnerability dubbed “CometJacking,” wherein a malicious command for the browser’s AI is embedded within a URL. Upon clicking this link, the browser misinterprets the harmful prompt as a user instruction and proceeds to execute it. In LayerX’s demonstration, the simulated attacker successfully directed Comet to retrieve information from the user’s email and calendar accounts. Although Comet features safeguards against data theft, the attacker circumvented these by instructing the AI to encode the pilfered data in base64 (effectively obscuring it to appear as harmless text) before forwarding it to a remote server under their control.
Foreshadowing Future Threats—Currently, Google Chrome stands as the dominant browser. Nevertheless, some anticipate a new “browser war” emerging soon, spurred by innovative contenders like Perplexity’s Comet. (OpenAI is also reportedly developing its own AI-powered browser, though it has yet to be released.) Yet, as browser developers hasten to integrate AI functionalities, they might inadvertently be introducing new categories of vulnerabilities, warns Or Eshed, CEO of LayerX. We could be on the verge of entering “a world where browsing becomes riskier,” Eshed states. “We’ll witness old types of attacks that had nearly vanished making a comeback, or even entirely new forms of attacks like the one we just uncovered.”
Perplexity’s Official Statement — When LayerX informed Perplexity of the vulnerability last month, the company “responded that it could not identify any security impact,” as LayerX detailed in a blog post. Conversely, a Perplexity spokesperson told TIME that LayerX’s bug report was unclearly phrased, that LayerX had not responded to requests for clarification, and that Perplexity “subsequently identified the issue independently and applied a patch.” The spokesperson affirmed that the vulnerability was never exploited and added: “We are thankful to the security community involved in our robust bounty program, and we are working to prevent such miscommunications in the future.”
If you have a moment, kindly complete our brief survey to help us better understand your profile and the AI topics that pique your interest most.
Key Figure: Lisa Su, AMD CEO
On Monday, Advanced Micro Devices (AMD), a chipmaker, revealed it had secured a multi-billion dollar agreement with OpenAI. This deal will see the creator of ChatGPT acquire 6 gigawatts’ worth of AMD’s most advanced AI chips over several years—an amount equivalent to the power consumption of approximately 4 million U.S. households. This marks the latest substantial deal for OpenAI, which had previously entered a $100 billion arrangement with Nvidia last month, as it endeavors to secure the computational power necessary to train and operate its demanding AI models—including last week’s .
When I interviewed Lisa Su last year, she was actively steering her company towards developing a novel type of AI accelerator chip. Her strategic efforts appear to have yielded success. AMD still trails Nvidia significantly within the broader semiconductor industry, but the OpenAI deal serves as a testament to the suitability of AMD chips for high-end AI workloads. It also further signals OpenAI’s ambition to lessen its reliance on Nvidia, even as it maintains a close relationship with Jensen Huang’s corporation.
Neither OpenAI nor AMD disclosed the precise monetary value of the agreement, though they did confirm that it grants OpenAI the option to acquire up to 10% of the company. Following this news, AMD shares saw an approximate 25% surge.
AI in Action
Roughly a week after introducing its video-generation application Sora, OpenAI is providing users with enhanced options to control how their likenesses appear in videos. Previously, users could either permit or prohibit their image (referred to as a “cameo” in OpenAI’s terminology) in Sora videos. Now, users can issue specific directives such as “do not include me in videos discussing political commentary” or “do not let me utter this particular word,” according to OpenAI’s head of Sora, Bill Peebles.
What We’re Reading
Breakneck, by Dan Wang
This is not an article, but rather a compelling and widely discussed book examining China’s relentless advancement. Dan Wang’s central argument posits that China functions as an engineering state, prioritizing construction at all costs, whereas the U.S. operates as a lawyerly society, where obstructing development is often simpler than initiating it. The outcome, as Wang articulates in persuasive detail, is that China now boasts impressive public infrastructure and a robust manufacturing sector, while the U.S. has undertaken no major public works in decades and is experiencing a decline in its manufacturing expertise. Breakneck raises a critical question about AI, particularly as the U.S. economy increasingly invests in this technology: What is the benefit of abundant digital intelligence if it emerges within an economy that has lost the capacity to apply it practically?
