Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts
Briefly

PromptFix is a prompt injection technique that embeds malicious instructions inside fake CAPTCHA checks on web pages to coerce generative AI into carrying out attacker actions. AI-driven browsers and agentic systems that automate shopping, email, and other tasks can be deceived into interacting with phishing landing pages or fraudulent storefronts without human awareness. The approach leverages social-engineering-like prompts that appeal to the model's goal of helping users quickly and completely. The resulting Scamlexity combines AI convenience with an expanded, invisible scam surface, enabling data exfiltration or unauthorized purchases via simple commands after users reach compromised pages.
Described by Guardio Labs as an "AI-era take on the ClickFix scam," the attack technique demonstrates how AI-driven browsers, such as Perplexity's Comet, that promise to automate mundane tasks like shopping for items online or handling emails on behalf of users can be deceived into interacting with phishing landing pages or fraudulent lookalike storefronts without the human user's knowledge or intervention.
This leads to a new reality that the company calls Scamlexity, a portmanteau of the terms "scam" and "complexity," where agentic AI - systems that can autonomously pursue goals, make decisions, and take actions with minimal human supervision - takes scams to a whole new level. With AI-powered coding assistants like Lovable proven to be susceptible to techniques like VibeScamming, an attacker can effectively trick the AI model into handing over sensitive information or carrying out purchases on lookalike websites masquerading as Walmart.
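A defensive pre-processing step for the scenario above, added here as an illustration and not code from Guardio Labs or any browser vendor: it splits a page's text into what a human would see and what inline markup hides, so only the visible part is handed to the agent and the hidden part can be logged for review. The hiding methods checked (the `hidden` attribute and a few inline styles), all names and the sample page are assumptions; this page does not say how PromptFix conceals its instructions.

```python
import re
from html.parser import HTMLParser

# Inline styles that hide text from a human viewer (assumed, not exhaustive).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|opacity\s*:\s*0(\.0+)?\s*(;|$)|font-size\s*:\s*0(px|pt|em)?\s*(;|$)", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}  # tags with no end tag

class VisibleTextSplitter(HTMLParser):
    """Separate text a human sees from text hidden by inline markup."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []    # one bool per open element: is its subtree hidden?
        self.visible, self.hidden = [], []

    def _is_hidden(self, tag, attrs):
        a = dict(attrs)
        return (tag in ("script", "style", "template") or "hidden" in a
                or bool(HIDDEN_STYLE.search(a.get("style") or "")))

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            inherited = bool(self.stack) and self.stack[-1]
            self.stack.append(inherited or self._is_hidden(tag, attrs))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        text = data.strip()
        if text:
            hidden = bool(self.stack) and self.stack[-1]
            (self.hidden if hidden else self.visible).append(text)

def split_page_text(html):
    """Return (visible_text, hidden_text); only the first goes to the agent."""
    parser = VisibleTextSplitter()
    parser.feed(html)
    parser.close()
    return " ".join(parser.visible), " ".join(parser.hidden)

# Constructed sample: a fake CAPTCHA whose hidden block holds a placeholder.
SAMPLE = """<div class="captcha"><p>Please verify you are human</p>
<input type="checkbox"><label>I am not a robot</label>
<div style="display:none"><span>[placeholder: hidden text aimed at the agent]</span></div>
</div>"""
```

Text hidden through external stylesheets, off-screen positioning or script is not caught by this inline check; covering those cases requires the rendered layout.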
Read at The Hacker News