New digital threat: PromptFix uses hidden instructions to manipulate AI assistants. The purpose of the attack is to make the AI perform malicious actions without the user's knowledge or intervention, such as clicking invisible buttons, downloading infected files, or interacting with phishing links. Cybercriminals hide their instructions in compromised websites or on platforms they control, including Reddit and Facebook. Concealment techniques include invisible text, HTML comments, hiding information in images, and digital files. The attack is triggered when a user asks a browser-based AI assistant to summarize content or extract key points. This can lead the agent to perform unwanted actions. The consequences can be severe, including malware downloads, bypassing validation steps, and exposing credentials. For protection, ESET experts recommend: not allowing automatic actions by default, limiting the agent's capabilities, checking images and files for hidden text, and using lists of trusted sites. Martina Lopez, ESET Latin America cybersecurity researcher, explained that malicious actors embed hidden commands in seemingly legitimate content.
