Cato CTRL researchers unveiled HashJack, an indirect prompt injection attack that hides malicious instructions in URL fragments to hijack AI browsers like Comet, Copilot, and Gemini. This client-side technique turns legitimate websites into vectors for phishing, data theft, and misinformation without triggering traditional security tools. Vendor responses vary, with Google dismissing it as low-severity intended behavior.