Researchers Reveal HashJack AI Browser Vulnerability

Cato Networks researchers recently disclosed "HashJack," a prompt-injection technique that hides malicious commands in URL fragments (the part of a URL after "#") to compromise agentic AI browsers. Because the browser never sends the fragment to the web server, the hidden text bypasses server-side and network defenses; demonstrations show the flaw can enable data exfiltration and unauthorized actions in tools such as Perplexity's Comet and OpenAI's Atlas. The discovery pressures vendors to deploy prompt validation, input isolation, and rapid patches.
Key Points
1. Expose HashJack, a URL-fragment prompt-injection technique that lets AI browsers be driven to execute hidden malicious commands
2. Show that fragments bypass server-side defenses, leaving many network filters blind to these attacks
3. Advise immediate prompt validation, input isolation, and vendor patches for agentic browser deployments
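The input-isolation mitigation above can be made concrete on the client side. The following is an added example, not code from Cato Networks or from any of the browsers named in the report: it separates the server-visible part of a URL from its fragment (which is why server-side logs and filters never see HashJack payloads), flags fragments that look like free text rather than ordinary anchors, and builds an agent context that keeps the fragment out of anything handed to the model. The sample URLs, the length threshold and the function names are constructed for this illustration.

```python
from urllib.parse import urlsplit, urlunsplit, unquote

# Constructed sample URLs (not taken from the report): one with an ordinary
# anchor, one whose fragment carries free text that an agent should not trust.
SAMPLE_ANCHOR_URL = "https://docs.example.com/guide/install#step-3"
SAMPLE_FREETEXT_URL = (
    "https://docs.example.com/guide/install#"
    "free%20text%20that%20is%20not%20an%20anchor"
)


def split_server_visible(url: str) -> tuple[str, str]:
    """Return (server-visible URL, fragment).

    Browsers never send the part after '#' in the HTTP request, so only the
    first element is ever seen by the origin server, a WAF or a proxy log.
    """
    p = urlsplit(url)
    visible = urlunsplit((p.scheme, p.netloc, p.path, p.query, ""))
    return visible, p.fragment


def fragment_looks_like_free_text(fragment: str, max_len: int = 80) -> bool:
    """Heuristic (assumed threshold): legitimate anchors are short tokens
    without whitespace. Decoded whitespace or unusual length marks a fragment
    that may carry natural-language content and must stay out of the prompt."""
    decoded = unquote(fragment)
    return len(decoded) > max_len or any(ch.isspace() for ch in decoded)


def build_agent_context(url: str) -> dict:
    """Build the navigation context an agent may hand to its model.

    The fragment is retained only for client-side audit logging; it is never
    placed in 'prompt_url', so hidden text in it cannot reach the model.
    """
    visible, fragment = split_server_visible(url)
    return {
        "prompt_url": visible,
        "fragment_dropped": fragment != "",
        "fragment_suspicious": fragment_looks_like_free_text(fragment),
        "audit_fragment": fragment,
    }


if __name__ == "__main__":
    for sample in (SAMPLE_ANCHOR_URL, SAMPLE_FREETEXT_URL):
        print(build_agent_context(sample))
```

Because the server-visible URL is all that a WAF or proxy can ever inspect, the suspicious-fragment flag and the audit copy are the only place this content can be logged or alerted on; emitting them from the browser or agent to a SIEM is what gives detection teams visibility that network telemetry cannot provide.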
Scoring Rationale
Novel, widely applicable exploit with confirmed demonstrations across major agentic browsers; urgent mitigations exist but not yet comprehensive.
Sources
Public references used for this report.