Imagine telling your AI assistant, politely, to “handle my emails and organize my Drive,” and instead of filing a few messages, it empties your entire Google Drive. That’s not science fiction, it’s the reality uncovered by researchers at Straiker STAR Labs, targeting Perplexity’s Comet browser.
The flaw, dubbed the Google Drive Wiper, exploits how agentic AI browsers interpret natural language. These assistants connect to Gmail and Drive to perform routine tasks, like moving, renaming, or deleting files. Normally, this is convenient. In the wrong hands, it’s catastrophic.
A simple email, worded like any office request, can trick the browser into mass-deleting files. The AI sees instructions like “take care of this” or “do this on my behalf” as legitimate tasks. The end result: files vanish across personal, shared, and team drives all without the user clicking a thing.
Security researcher Amanda Rousseau explained, “This is excessive agency in action. The AI isn’t malicious; it’s just doing exactly what it thinks you want. A clever attacker can weaponize that.”
Adding another twist, researchers discovered HashJack, a sneaky method where attackers hide malicious instructions after the # in URLs. A user might visit a normal-looking page, ask a question, and the AI quietly executes the hidden prompt.
Perplexity and Microsoft have patched their browsers (Comet v142.0.7444.60, Edge v142.0.3595.94). Google, however, considers the behavior “intended” and low severity. Other browsers, like Claude for Chrome and OpenAI Atlas, appear immune.
AI assistants are getting smarter but sometimes too eager. They can turn casual requests into destructive actions. Being polite may work in real life, but with agentic AI, it might just wipe your digital life.
Source: The Hacker News
