Being Deceived on Your Behalf: The True Nature of the "New Attack Surface" Opened by Agent AI: Taking Over AI with Invisible Commands in the "CAPTCHA Era of Fraud"

Agent-based AI browsers automate the process from "search to execution." However, a review by Guardio Labs identified instances of AI's unique "unquestioning automation," such as automatic purchases on fake e-commerce sites, automatic navigation to phishing bank sites, and execution of malicious prompts hidden in CAPTCHA-like pages. While Comet may stop under certain conditions, there have been reports of it sending autofilled address and credit card information without user approval, prompting follow-up reports from multiple media outlets. Brave provided a technical explanation of indirect prompt injection and mentioned progress in fixes, but maintained a cautious stance, stating that "complete prevention is not guaranteed." On social media, there is growing criticism of AI's tendency to "automatically mess up," with calls for minimizing execution permissions and stricter human approval. For the time being, users are advised to prohibit the automatic processing of payments and credentials and to verify the legitimacy of URLs through official channels as part of a multi-layered defense strategy.
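
The human-approval and URL-verification advice above can be expressed as a gate that an agent runtime calls before it acts. This is an added example, not code from Guardio Labs, Brave, or any browser vendor; the action shape, `reviewAction`, and the pinned hosts are assumptions made for illustration.

```javascript
// Added example: names, action shape and hosts are constructed for illustration.
// Real HTML autocomplete tokens that mark payment, credential or address fields.
const SENSITIVE = new Set([
  "cc-number", "cc-csc", "cc-exp", "cc-name",
  "current-password", "new-password", "one-time-code",
  "street-address", "postal-code",
]);

// Hosts the user confirmed through official channels (constructed sample values).
const PINNED_HOSTS = new Set(["bank.example", "shop.example"]);

// Returns the normalized hostname, or null unless the URL parses and is https.
function hostOf(rawUrl) {
  try {
    const u = new URL(rawUrl);
    return u.protocol === "https:" ? u.hostname : null;
  } catch {
    return null;
  }
}

// Exact match or true subdomain only, so "bank.example.login.test" does not pass.
function isPinned(host) {
  for (const p of PINNED_HOSTS) {
    if (host === p || host.endsWith("." + p)) return true;
  }
  return false;
}

// action = { url, fields: [autocomplete tokens to be filled], source: "user" | "page" }
// source "page" means the instruction was derived from content the agent read.
function reviewAction(action) {
  const host = hostOf(action.url);
  if (host === null) return { decision: "block", reason: "not a valid https URL" };
  const sensitive = (action.fields || []).filter((f) => SENSITIVE.has(f));
  if (sensitive.length > 0 && !isPinned(host)) {
    return { decision: "block", reason: `sensitive autofill on unpinned host ${host}` };
  }
  if (sensitive.length > 0) {
    return { decision: "ask_user", reason: `would send ${sensitive.join(", ")} to ${host}` };
  }
  if (action.source !== "user") {
    return { decision: "ask_user", reason: "instruction did not come from the user" };
  }
  return { decision: "allow", reason: "user-initiated, no sensitive fields" };
}
```

With this gate, payment and credential data never leaves without a human decision, even on a pinned host, and anything the agent inferred from page content is treated as unapproved by default.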