HashJack attack shows AI browsers can be fooled with '#'

Cato Networks discovered a "HashJack" attack that exploits AI browser assistants by hiding malicious commands after the "#" symbol in legitimate URLs, making trusted websites appear to deliver harmful instructions from AI helpers. When users interact with these modified URLs through AI browsers like Copilot, Gemini, or Comet, the hidden fragments can trigger data theft, phishing, or misinformation while bypassing traditional security defenses. While Google classified the vulnerability as low severity, Microsoft and Perplexity have implemented fixes, highlighting how AI browsers create new attack surfaces requiring updated security approaches.