The cryptocurrency landscape faced another security wake-up call on October 21, 2025, as researchers uncovered critical vulnerabilities in AI-powered browsers that could expose sensitive financial and personal data. The discovery highlights the growing intersection of artificial intelligence and blockchain security concerns as adoption accelerates.
The Exploit Mechanics
Security researchers Artem Chaikin and Shivan Kaul Sahib identified a sophisticated prompt injection attack vector specifically targeting screenshot functionality in AI browsers. The vulnerability allows malicious actors to inject hidden instructions when users take screenshots of websites and ask AI assistants to analyze or summarize the content. This creates an “unseeable” attack vector where users are unaware their browser is executing commands hidden in the visual elements they capture.
Affected Systems
The most significantly impacted systems include Perplexity Comet, which specifically allows users to take screenshots and ask questions about them. Opera Neon was also identified as having similar vulnerabilities, though that particular exploit was responsibly withheld pending full remediation. Researchers indicate that the vulnerability affects all major AI browsers that perform actions on behalf of users, representing a broad exposure across the rapidly growing agentic browser category.
The Mitigation Strategy
Responsible disclosure protocols have been followed, with vulnerabilities reported to affected vendors for remediation. The key mitigation strategy involves implementing stricter input validation for screenshot analysis, visual-only processing (without text extraction), and user permission controls that explicitly warn users when their browser is about to take actions based on visual content analysis.
Lessons Learned
This vulnerability highlights several critical lessons for the crypto and AI communities. First, the convergence of AI and blockchain technologies creates new attack surfaces that require novel security approaches. Second, browser functionality that seems convenient can introduce significant risks when those browsers have elevated permissions to interact with users’ digital lives.
User Action Required
All users of AI browsers should take immediate action to protect themselves:
- Update AI browser software to the latest patched versions
- Disable automatic screenshot analysis features
- Review and restrict browser permissions for sensitive websites
- Avoid using AI browsers while signed into financial accounts
- Be cautious about asking AI assistants to analyze content from unfamiliar sources
While this vulnerability represents a serious threat, researchers have expressed confidence that responsible disclosure practices and vendor cooperation will lead to effective mitigation.
Disclaimer: This article is for informational purposes only. Always consult with professional security advisors before making changes to your security posture. The author and publisher are not responsible for any actions taken based on the information provided here.
Multi-sig wallets should be the default for everyone in crypto
The amount of DeFi exploits is still way too high
Hardware wallet adoption is the single biggest security improvement anyone can make
perplexity comet and opera neon are just the start. every AI browser that processes visual content has this vulnerability class
Perplexity Comet specifically allows screenshot analysis. wonder how many crypto traders have taken screenshots of their portfolio and asked AI to analyze it. yikes
Mei Ling Wu portfolio screenshots being used as injection vectors is wild. every crypto bro on twitter posting their PnL and asking AI to analyze it is a potential target
pixel_leak_ the scary part is most people who post portfolio screenshots for AI analysis have their seed phrase stored in the same cloud account. one injection via Perplexity Comet and the whole stack is compromised
Real-time monitoring tools are getting better at catching exploits early
injecting instructions into screenshots that AI browsers then execute. the attack surface of AI agents is fundamentally different from traditional software
prompt_sploit the AI interpretation layer IS the new attack surface. traditional pentests look at code execution and memory corruption. LLM injection doesnt show up in any standard security scanner
redteam_ CVE-2025-32432 being CVSS 10 and exploited before disclosure means the standard 90 day responsible disclosure window failed. now every crypto user running an AI browser is a potential target for a zero day that the vendor didnt even know was out there
prompt_sploit exactly. the attack surface is the AI interpretation layer not the code itself. traditional security audits dont cover that
CVE-2025-32432 with a CVSS 10 affecting Craft CMS and being exploited before disclosure. now combine that with AI browsers auto-analyzing compromised pages. the attack chain writes itself
used perplexity comet to analyze my portfolio last month. reading this article now and deleting my screenshots. the idea that a PNG can inject instructions into an AI agent is wild