🤖 AI Summary
Security firm SquareX published a demonstration of "AI Sidebar Spoofing," where a malicious browser extension injects JavaScript to create a visually identical fake AI sidebar (shown in new tabs) that impersonates tools like ChatGPT Atlas and Perplexity Comet, and can also target AI assistants embedded in Edge, Chrome, Firefox and Brave. The attacker-controlled extension requires common host and storage permissions, then hooks into an LLM to produce plausible responses while selectively manipulating outputs for dangerous prompts: redirecting users to phishing sites (e.g., crypto scams) or displaying command sequences (like reverse-shell setup) that enable remote access and malware deployment. SquareX also notes attackers could natively embed spoofed sidebars on websites, though extensions pose broader risk because they operate across sites.
The finding matters because it exposes a systemic UI-provenance and extension-permission gap: even if platforms (OpenAI, Perplexity) restrict agent capabilities (no code execution, downloads or installs), social engineering plus a compromised extension can bypass those controls by convincing users to run harmful instructions themselves. SquareX reported the issue to vendors; fixing it will require tougher extension vetting and permission models, stronger authenticated UI/provenance signals, and user awareness — otherwise attackers can reliably weaponize trusted-looking AI interfaces against users and enterprises.
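As an added illustration of the extension vetting mentioned above (not code from SquareX or any vendor), the following Node.js sketch triages parsed `manifest.json` files for the permission mix the summary describes: the ability to run script on every site combined with `storage`. The sample manifests and the finding labels are constructed for this example.

```javascript
// Added example: sample manifests are constructed, not taken from any real extension.

// Match patterns that grant access to every site.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const isBroad = (pattern) => BROAD.has(pattern);

// Triage one parsed manifest.json (Manifest V2 or V3).
function auditManifest(manifest) {
  const perms = manifest.permissions || [];
  // MV3 lists hosts in host_permissions; MV2 mixes them into permissions.
  const hosts = [...(manifest.host_permissions || []), ...perms];
  const scriptMatches = (manifest.content_scripts || [])
    .flatMap((cs) => cs.matches || []);

  const findings = [];
  if (hosts.some(isBroad)) findings.push("broad-host-access");
  if (scriptMatches.some(isBroad)) findings.push("content-script-on-all-sites");
  if (perms.includes("storage")) findings.push("storage");

  // Script on arbitrary pages plus persistent state is the mix the summary
  // describes. It is common in benign extensions too, so this queues a
  // manual review rather than giving a verdict.
  const canInjectAnywhere = findings.some((f) => f !== "storage");
  return {
    name: manifest.name,
    findings,
    needsReview: canInjectAnywhere && perms.includes("storage"),
  };
}

const SAMPLE_MANIFESTS = [
  { manifest_version: 3, name: "Constructed Notes Helper",
    permissions: ["storage", "scripting"], host_permissions: ["<all_urls>"] },
  { manifest_version: 2, name: "Constructed Legacy Toolbar",
    permissions: ["storage", "*://*/*"] },
  { manifest_version: 3, name: "Constructed Site Tweaks", permissions: ["storage"],
    content_scripts: [{ matches: ["https://example.com/*"], js: ["tweak.js"] }] },
  { manifest_version: 3, name: "Constructed Reader Mode", permissions: ["activeTab"],
    content_scripts: [{ matches: ["<all_urls>"], js: ["reader.js"] }] },
];

function auditAll(manifests) {
  return manifests.map(auditManifest);
}

for (const r of auditAll(SAMPLE_MANIFESTS)) {
  console.log(`${r.needsReview ? "REVIEW" : "ok    "} ${r.name}: ${r.findings.join(", ")}`);
}
```

Because the permission mix is common, the output is best used to prioritise which installed extensions get a manual look at their injected scripts and publisher, not as a block list.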
        