AI browser tools like ChatGPT, Claude, or Perplexity are becoming the go-to way for many business owners to research competitors, summarize emails, and speed up daily tasks. But as these tools grow more capable, hackers are quietly manipulating them. The latest example is almost unbelievable: hackers can influence AI browsers just by adding hidden text after a hashtag in a URL.
This newly documented “HashJack” technique, uncovered by Cato Networks, raises serious questions about browser security.
The Trick Hiding in Normal Links
Most of us don’t think twice about a URL. If it looks clean and the domain is familiar, we assume the page is safe.
But AI browsers work differently. They include built-in assistants that process webpage content to give you summaries, insights, or suggestions.
That’s exactly where the vulnerability shows up.
Malicious hackers can hide instructions in a URL fragment, specifically the portion after the hashtag symbol. Typically, this section supports navigation, but AI browsers interpret this text as a user command, even though the server never sees it.
This means that your screen shows a harmless webpage, like your bank statement, but in the background, the browser assistant might be following hidden commands you never typed. That could include everything from summarizing the information on the page and sending it to a hacker to downloading and launching malware.
As if that weren’t enough, it also keeps traditional monitoring tools from spotting anything suspicious, because the malicious text never touches the network.
HashJack Means Real-World Damage to Businesses
HashJack creates a hacking vulnerability because it can steer an AI assistant’s behavior without the user’s knowledge. That can mean:
- Leaked pricing sheets, contracts, or customer data
- Quiet theft of internal dashboards
- Malware attacks
- Zero logs on most firewalls
In other words, a single click could create an invisible pathway for cybercriminals. And because the user never actually typed the command, employees swear they “didn’t click on anything weird,” making the problem hard to trace. Patching the issue isn’t easy either, since the tools execute natural-language instructions wherever they find them.
How To Stay Ahead of This AI Browser Threat
You don't have to stop using AI browsers, but you need to be more cautious. Here are some tips:
- Educate your team: Make sure employees know that even “normal” links can hide instructions. Train your people to take extra care when a link has a long string of text after the hashtag.
- Limit the use of AI browsing tools: Disable AI browser assistants on any site handling sensitive data (one toggle in most tools). Make it a policy not to use AI helpers on banking, CRM, HR, or internal wiki pages.
- Update and patch frequently: AI browser developers are moving fast to close these gaps. Staying updated is your best defense.
- Implement enterprise-grade cybersecurity protections: Use security solutions that monitor behavior, not just traffic. Enterprise browsers or MDMs can strip or sandbox URL fragments before the AI sees them.
AI browsers are powerful, but they’re also creating new cybersecurity blind spots. The HashJack reminds us that even minor browser quirks can open big doors for attackers.
