Perplexity's Comet AI Browser Tricked Into Phishing Scam Within Four Minutes

Agentic browser at risk

Agentic web browsers, which use AI tools to carry out tasks autonomously across websites on a user's behalf, can be trained against and fooled into phishing attacks. Attackers exploit the AI browsers' tendency to narrate their own actions, and turn that output against the same model to defeat its security checks.

According to security expert Shaked Chen, “The AI now operates in real time, inside messy and dynamic pages, while continuously requesting information, making decisions, and narrating its actions along the way. Well, 'narrating' is quite an understatement - it blabbers, and way too much!,” the Hacker News reported. “Agentic blabbering” refers to an AI browser displaying what it sees, what it thinks, what it plans to do next, and what it deems safe or a threat.

Tricking the browsers

By intercepting the traffic between the AI services on the vendor's servers and feeding it as input to a Generative Adversarial Network (GAN), the researchers made Perplexity's Comet AI browser fall prey to a phishing attack within four minutes.

The research is based on established tactics such as Scamlexity and VibeScamming, which revealed that vibe-coding platforms and AI browsers can be coerced into generating scam pages and performing malicious tasks via prompt injection. 

Attack tactic

The attack surface changes because the AI agent manages tasks without frequent human oversight: a scammer no longer has to trick the user, and instead seeks to deceive the AI model itself.

Chen said, “If you can observe what the agent flags as suspicious, hesitates on, and more importantly, what it thinks and blabbers about the page, you can use that as a training signal.” Chen added that the “scam evolves until the AI Browser reliably walks into the trap another AI set for it.”

End goal?

The aim is to build a “scamming machine” that refines and regenerates a phishing page until the agentic browser accepts its instructions and carries out the attacker's command, such as entering the victim's passwords into a malicious web page built for refund scams.

Guardio is concerned about the development, saying that, “This reveals the unfortunate near future we are facing: scams will not just be launched and adjusted in the wild, they will be trained offline, against the exact model millions rely on, until they work flawlessly on first contact.”

How MCP is preparing AI systems for a new era of travel automation

Most digital assistants today can help users find information, yet they still cannot independently complete tasks such as organizing a trip or finalizing a booking. This gap exists because the majority of these systems are built on generative AI models that can produce answers but lack the technical ability to carry out real-world actions. That limitation is now beginning to shift as the Model Context Protocol, known as MCP, emerges as a foundational tool for enabling task-performing AI.

MCP functions as an intermediary layer that allows large language models to interact with external data sources and operational tools in a standardized way. Anthropic unveiled this protocol in late 2024, describing it as a shared method for linking AI assistants to the platforms where important information is stored, including business systems, content libraries and development environments.

The protocol uses a client-server approach. An AI model or application runs an MCP client. On the opposite side, travel companies or service providers deploy MCP servers that connect to their internal data systems, such as booking engines, rate databases, loyalty programs or customer profiles. The two sides exchange information through MCP’s uniform message format.

Before MCP, organizations had to create individual API integrations for each connection, which required significant engineering time. MCP is designed to remove that inefficiency by letting companies expose their information one time through a consolidated server that any MCP-enabled assistant can access.

Support from major AI companies, including Microsoft, Google, OpenAI and Perplexity, has pushed MCP into a leading position as the shared standard for agent-based communication. This has encouraged travel platforms to start experimenting with MCP-driven capabilities.

Several travel companies have already adopted the protocol. Kiwi.com introduced its MCP server in 2025, allowing AI tools to run flight searches and receive personalized results. Executives at the company note that the appetite for experimenting with agentic travel tools is growing, although the sector still needs clarity on which tasks belong inside a chatbot and which should remain on a company’s website.

In the accommodation sector, property management platform Apaleo launched an MCP server ahead of its competitors, and other travel brands such as Expedia and TourRadar are also integrating MCP. Industry voices emphasize that AI assistants using MCP pull verified information directly from official hotel and travel systems, rather than relying on generic online content.

The importance of MCP became even more visible when new ChatGPT apps were announced, with major travel agencies included among the first partners. Experts say this marks a significant moment for how consumers may start buying travel through conversational interfaces.

However, early adopters also warn that MCP is not without challenges. Older systems must be restructured to meet MCP’s data requirements, and companies must choose AI partners carefully because each handles privacy, authorization and data retention differently. LLM processing time can also introduce delays compared to traditional APIs.
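As an added illustration that is not part of the article or of any vendor's MCP server, the sketch below models the client-server exchange described above in MCP's JSON-RPC message format: a travel provider's server answers `tools/list` and `tools/call` requests, and a hypothetical per-client scope check (the `scope` field and the `client_scopes` argument are this example's assumptions, not part of the protocol) shows where the authorization concern raised here is enforced. Transport and the `initialize` handshake are left out.

```python
import json
# Constructed stand-ins for a provider's booking engine and loyalty database (not real data).
FLIGHTS = [
    {"flight": "XX101", "from": "LIS", "to": "BER", "price": 120},
    {"flight": "XX205", "from": "LIS", "to": "BER", "price": 95},
    {"flight": "XX310", "from": "LIS", "to": "MAD", "price": 60},
]
LOYALTY = {"member-42": {"tier": "gold", "points": 18000}}
# Tool catalogue in the shape MCP's tools/list returns; 'scope' is a hypothetical server-side
# authorization field added for this example and is never sent to clients.
TOOLS = {
    "search_flights": {
        "description": "Search flights by origin and destination airport code",
        "inputSchema": {"type": "object", "required": ["from", "to"], "properties": {"from": {"type": "string"}, "to": {"type": "string"}}},
        "scope": "public",
    },
    "get_loyalty_profile": {
        "description": "Return tier and points for a loyalty member id",
        "inputSchema": {"type": "object", "required": ["member_id"], "properties": {"member_id": {"type": "string"}}},
        "scope": "member",
    },
}

def _run_tool(name, args):
    # Back-end dispatch; a real server would query the booking engine or CRM here.
    if name == "search_flights":
        hits = [f for f in FLIGHTS if f["from"] == args["from"] and f["to"] == args["to"]]
        return sorted(hits, key=lambda f: f["price"])
    return LOYALTY.get(args["member_id"], {})

def handle(request_json: str, client_scopes: set) -> dict:
    """Dispatch one JSON-RPC 2.0 request (the message format MCP uses) for one authenticated client."""
    req = json.loads(request_json)
    rid, method, params = req.get("id"), req.get("method"), req.get("params", {})
    if method == "tools/list":  # advertise only the tools this client is allowed to call
        tools = [{"name": n, "description": t["description"], "inputSchema": t["inputSchema"]}
                 for n, t in TOOLS.items() if t["scope"] in client_scopes]
        return {"jsonrpc": "2.0", "id": rid, "result": {"tools": tools}}
    if method == "tools/call":
        name, args = params.get("name"), params.get("arguments", {})
        tool = TOOLS.get(name)
        if tool is None or tool["scope"] not in client_scopes:  # authorization enforced server-side
            return {"jsonrpc": "2.0", "id": rid, "error": {"code": -32602, "message": "unknown or unauthorized tool"}}
        missing = [k for k in tool["inputSchema"]["required"] if k not in args]
        if missing:  # tool-level failure goes in the result with isError, as MCP specifies
            return {"jsonrpc": "2.0", "id": rid, "result": {"isError": True,
                    "content": [{"type": "text", "text": f"missing arguments: {missing}"}]}}
        return {"jsonrpc": "2.0", "id": rid, "result": {"content": [{"type": "text", "text": json.dumps(_run_tool(name, args))}]}}
    return {"jsonrpc": "2.0", "id": rid, "error": {"code": -32601, "message": "method not found"}}
```

A client holding only the `public` scope never sees or reaches the loyalty tool, so a prompt-injected request for another member's profile fails at the server rather than relying on the assistant to refuse it.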

Industry analysts expect MCP-enabled bookings to appear first in closed ecosystems, such as loyalty platforms or brand-specific applications, where trust and verification already exist. Although the technology is progressing quickly, experts note that consumer-facing value is still developing. For now, MCP represents the first steps toward more capable, agentic AI in travel.

Cloudflare Accuses AI Startup Perplexity of Bypassing Web Blocking Measures


Cloudflare has accused artificial intelligence company Perplexity of using hidden tactics to bypass restrictions designed to stop automated bots from collecting website data.

In a statement published Monday, Cloudflare said it had received multiple complaints from its customers claiming that Perplexity was still able to view and collect information from their sites, even though they had taken steps to block its activity. These blocks were implemented through a robots.txt file, a common tool that tells search engine bots which parts of a website they can or cannot access.

According to Cloudflare's engineers, testing confirmed that Perplexity's official crawler, the automated system responsible for scanning and indexing web content, was being blocked as expected. However, the company claims Perplexity was also using other, less obvious methods to gain access to pages where it was not permitted.

As a result, Cloudflare said it has removed Perplexity from its list of verified bots and updated its own security rules to detect and block what it called “stealth crawling.” The company stressed that trustworthy crawlers should operate transparently, follow site owner instructions, and clearly state their purpose.

This dispute comes shortly after Cloudflare introduced new tools allowing website operators to either block AI crawlers completely or charge them for access. The move is part of a broader debate over how AI firms gather the large amounts of online data needed to train their systems.

When contacted by media outlets, Perplexity did not respond immediately. Later, company spokesperson Jesse Dwyer told TechCrunch that Cloudflare’s claims were exaggerated, describing the blog post as a “sales pitch.” Dwyer also argued that Cloudflare’s screenshots showed no actual data collection, and that one of the bots mentioned “isn’t even ours.”

Perplexity went further in its own blog post, criticizing Cloudflare’s actions as “embarrassing” and “disqualifying.”

The AI company has faced similar accusations before. Earlier this year, the BBC threatened legal action against Perplexity over claims it had copied its content without permission. Perplexity is one of several AI companies caught up in disputes over online data scraping, though some media organizations have instead chosen to sign licensing agreements with AI firms, including Perplexity.

As the tension between AI data gathering and online privacy grows, this case highlights the increasing push from technology infrastructure providers like Cloudflare to give site owners more control over how, and whether, AI systems can collect their content.