University of Washington researchers found four leading AI browsers bypass the same-origin policy through prompt injection and memory poisoning, enabling data theft across tabs. Combined with systemic indirect prompt injection flaws documented by Brave and others, the tools create new enterprise and government risks that outpace current defenses. Vendors acknowledge the unsolved problems yet continue rapid deployment.
Cloudflare has launched new tools enabling website owners to easily block AI company crawlers from scraping content for training large language models. Building on its bot management system, the service uses behavioral analysis and other signals to filter out disguised bots from firms like OpenAI, Google, and Anthropic. This gives publishers greater control amid growing tensions over unauthorized data use.