Cybersecurity researchers have identified and detailed a new attack method named “HashJack” that affects AI-powered web browsers and digital assistants. The vulnerability allows attackers to hijack these applications to exfiltrate sensitive data and execute unauthorized actions on behalf of the user.

The attack vector was discovered by a team of security analysts who documented its functionality and impact on current-generation AI tools. The findings were disclosed responsibly to the affected software vendors prior to public announcement.

How the HashJack Vulnerability Works

The HashJack attack exploits the way certain AI-integrated applications parse and process URL hash fragments—the portion of a URL that follows the ‘#’ symbol. Attackers craft a malicious link containing a specially formatted hash fragment. When an unsuspecting user clicks the link, the AI component in the browser or assistant misinterprets the fragment as a legitimate command.

This command injection enables the attacker to manipulate the AI assistant’s session. The researchers’ proof-of-concept demonstrated that this manipulation leads to the theft of data from the user’s current session, including information from open tabs and conversation history with the AI.

Affected Platforms and Vendor Response

The vulnerability was confirmed to be present in several major web browsers that feature integrated Large Language Model (LLM) capabilities, as well as in certain standalone AI assistant applications. The core issue resides in the insecure handling of URI fragments by the AI-powered components.

Upon receiving the vulnerability report, the impacted vendors acknowledged the findings. They have begun the process of developing and deploying security patches to mitigate the threat. Users of AI-enabled browsers and assistants are advised to apply all security updates as soon as they become available to protect against potential exploitation.