Perplexity CEO and co-founder Aravind Srinivas.
Associated Press
In February, a few days before the Super Bowl, Aravind Srinivas, CEO of the AI search startup Perplexity, gave users a brilliant incentive to install its application. He posted on X that instead of buying a Super Bowl ad, the company would give $1 million to one lucky user who downloaded the Perplexity application, referred it to friends and asked it five questions during the game, a move meant to attract more people with a chance to win the big sum. “Ask a millionaire,” he said.
But the company's Android application, which not only offers search capabilities but also acts as an AI assistant, is riddled with security problems that could expose its users to data theft, account takeovers and impersonation attacks by malicious hackers, according to a report from the India-based mobile security company Appknox. One of these flaws also allows anyone to access the Perplexity API for free, exposing the company itself to the risk of losing revenue.
Appknox CEO Subho Halder said that it was easy to create clones of Perplexity's Android application because its code contains what are called “hard-coded secrets”: sensitive information such as passwords and API keys (a string of letters and numbers used to identify and verify an application making requests to an API) that can be extracted. The cloned application can then be used to trick users into believing that it is the real one, allowing hackers to collect private data such as login information and uploaded documents.
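The kind of pre-release check that catches hard-coded secrets can be sketched as follows. This is an added example, not code from the Appknox report or from Perplexity's app; the file names, key values, name patterns and entropy thresholds are all constructed assumptions.

```python
import math
import re

# Constructed sample: text as it might look after unpacking an app package.
# Every name and value below is made up for illustration.
SAMPLE_FILES = {
    "res/values/strings.xml": '''<resources>
  <string name="app_name">DemoApp</string>
  <string name="api_key">EXAMPLE9fK2xQ7vLm3ZpR8tYw4Bc6Nd</string>
  <string name="greeting">Welcome back to the app</string>
</resources>''',
    "com/example/Config.java": '''class Config {
  static final String BASE_URL = "https://api.example.com/v1";
  static final String CLIENT_SECRET = "Zx81Qp0LmN47vTr2YbC95KdHs6Wf";
  static final String PASSWORD = "changeme";
}''',
}

# Identifier names that suggest a credential (assumed heuristic list).
NAME_HINT = re.compile(r"(api[_-]?key|secret|token|passw(or)?d)", re.I)
XML_PAIR = re.compile(r'name="([^"]+)"[^>]*>([^<]+)<')   # <string name="x">value<
CODE_PAIR = re.compile(r'(\w+)\s*=\s*"([^"]+)"')          # NAME = "value"

def shannon_entropy(s):
    """Bits per character; random keys score higher than words."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def find_hardcoded_secrets(files, min_entropy=3.5, min_len=16):
    """Return (path, identifier, severity) for credential-like constants."""
    findings = []
    for path, text in files.items():
        for name, value in XML_PAIR.findall(text) + CODE_PAIR.findall(text):
            if not NAME_HINT.search(name):
                continue
            random_looking = (len(value) >= min_len
                              and shannon_entropy(value) >= min_entropy)
            # Report the identifier only, never the secret value itself.
            findings.append((path, name, "high" if random_looking else "review"))
    return findings

if __name__ == "__main__":
    for finding in find_hardcoded_secrets(SAMPLE_FILES):
        print(*finding, sep="  ")
```

Anything flagged this way belongs on a server the app authenticates to, not in the shipped package, and a key that has already shipped should be rotated.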
Perplexity rolled out its agentic AI assistant for Android devices in January, which it said could perform tasks like booking an Uber, playing a video on YouTube, finding songs on Spotify and making reservations on its own. But the series of security flaws was discovered as Perplexity, reportedly in talks to raise funds at a valuation of $18 billion, tries to find new ways to distribute its mobile application and put it in the hands of more people. The company is in talks with the smartphone manufacturing giant Samsung, according to Bloomberg. Perplexity did not respond to a request for comment.
Perplexity's application is also susceptible to an attack called “task hijacking”, in which a rogue application takes control of the phone's actions while you are using another app. The malicious application can then monitor your activity and collect data. For example, someone could hack Perplexity’s application so that if you type a prompt in the Amazon search box, it could give it harassment. Halder said the app could even fall prey to network-based attacks, in which people on an unsecured network such as an airport hotspot could have their conversations with Perplexity intercepted and their data stolen.
Founded in 2022, Perplexity's first product was a conversational AI search engine that crawls the web for information and uses a mix of large language models, including models from Anthropic and Meta, to answer questions on a given subject by producing AI-generated summaries that include links to sources across the web. It has raised a total of $900 million in venture capital funding from tech bigwigs such as Amazon founder Jeff Bezos and OpenAI co-founder Andrej Karpathy and is currently valued at $9 billion, according to Pitchdeck. Perplexity's application has more than 10 million downloads on Google Play.
Security vulnerabilities are only part of Perplexity's problems. The company was criticized by Forbes and other media outlets for allegedly copying their reporting and redistributing it across several platforms via a feature called Perplexity Pages. At the time, Srinivas said that the product feature had “rough edges” and that Perplexity “improves it with more feedback”. In June 2024, Forbes sent a cease-and-desist letter to Perplexity, accusing it of violating copyright, to which Perplexity replied that the allegations were without merit and that factual information is not protected by copyright law.
Safety in the AI world often focuses on the models themselves – producing precise information and is not affected by the way. This report underlines the idea that securing the application where people interact with the models is just as important, Halder told Forbes.
Halder’s advice to users is to delete the Perplexity Android app from their phones until the problems are fixed. AI applications are being built at a dizzying speed and many fail the most basic vulnerability checks, said Halder, but “Perplexity is a full-fledged security risk”.