A recent investigation by Brave has unveiled significant vulnerabilities in AI-powered browsers, particularly concerning prompt injection attacks that exploit hidden commands within screenshots. This research highlights that indirect prompt injection is a systemic issue across various agentic browsers, posing serious risks to user security and privacy. One notable finding involved the Perplexity Comet browser, where attackers can embed malicious instructions in nearly invisible text within screenshots, potentially leading to unauthorized actions on users’ sensitive accounts. The study emphasizes that traditional web security assumptions are inadequate in the face of AI agents acting on behalf of users, which allows untrusted webpage content to prompt actions that could jeopardize personal and financial data. Brave urges a need for improved safeguards and clearer boundaries between user inputs and external content to enhance security in agentic browsing environments. This on the heels of OpenAI releasing ChatGPT Atlas, their new AI-powered browser.
WatchGuard Technologies reported a 40% increase in evasive malware transmitted over encrypted connections, highlighting a concerning trend among cybercriminals. The company’s latest Internet Security Report, which analyzed data from April through June 2025, revealed that 70% of all malware is now delivered via encrypted channels, primarily using the Transport Layer Security protocol. Corey Nachreiner, Chief Security Officer at WatchGuard, emphasized the growing challenge for managed service providers and IT teams to adapt quickly to these stealthier tactics. The report noted a 15% rise in overall malware detections, driven by an 85% increase in threats identified by Gateway AntiVirus, underscoring the need for enhanced visibility into encrypted traffic and robust security measures to mitigate these risks effectively.
Ransomware payouts have reached unprecedented levels, with the average payment rising from 2.5 million dollars to 3.6 million dollars, according to the 2025 Global Threat Landscape Report by ExtraHop. The report reveals a significant shift in attack strategies, moving from broad attacks to more targeted approaches, resulting in lower frequency but higher-cost incidents. Organizations now face an average downtime of over 37 hours following a ransomware event, with many attackers spending nearly two weeks undetected within systems before executing their attacks. As highlighted by ExtraHop, this evolution in tactics underscores the critical need for improved visibility in cybersecurity measures, as a significant portion of organizations report challenges such as limited visibility and overwhelming alert volumes.
Why do we care?
So this one’s a bit unsettling — Brave found that AI browsers can be tricked using hidden text inside screenshots. Yeah, invisible commands that an AI agent can read, but you can’t. They tested it on Perplexity’s Comet browser, but the problem’s much bigger — it’s a flaw in how these agentic browsers work. And this drops right after OpenAI launches ChatGPT Atlas, which lives in that same category.
Meanwhile, WatchGuard’s data shows 70 percent of all malware is now coming through encrypted connections. That’s traffic your old security stack might not even see. Evasive malware is up 40 percent, and Gateway AntiVirus detections jumped 85 percent. The bad guys are hiding in the noise — literally.
And ransomware? The payouts are through the roof. The average’s now $3.6 million, with victims offline for nearly two days on average. Attackers are taking their time, sitting inside networks for weeks before pulling the trigger.
Here’s what that means for IT providers: you’re fighting blind if your tools can’t see into AI systems or encrypted traffic. Start treating AI browsers like risky apps, rethink your inspection strategy, and make sure your recovery plans actually work. Because this next wave of attacks isn’t about brute force — it’s about invisibility.