Back to Blog
Security March 13, 2026 · 4 min read

How to Detect Prompt Injection in AI Browser Agents Using Visual Replay

AI agents browsing the web are vulnerable to prompt injection attacks. Text logs miss the hijack. Video replay catches it. Here's how.

Perplexity Comet and Opera Neon are agentic browsers — they give AI full control over your browsing. That's powerful. It's also a new attack surface.

Security researchers have identified a specific vulnerability: prompt injection via web content. An agent visits a page. The page contains hidden or visible text designed to redirect the agent's behavior. The agent executes unintended actions while your logs show "session completed successfully."

This isn't theoretical. It's documented. And it's hard to catch without seeing what actually happened on screen.

The Text Log Blind Spot

When an agent transfers money to the wrong account due to an injected prompt, the log still shows "completed successfully" — because the agent did complete the action, just not the one you intended. Text logs show intent. They don't show what the agent actually saw mid-session.

Visual Replay: The Detection Layer

A frame-by-frame video replay shows everything the agent encountered:

  • Frame 3: The page loads normally
  • Frame 8: Hidden text appears (injected prompt)
  • Frame 12: The agent's behavior changes
  • Frame 15: The action completes — to the wrong target

That's immediate, actionable evidence of compromise. The log is silent on all of it.

Implementing Visual Replay for Agent Sessions

def run_agent_with_audit(agent_task, agent_config):
    """Execute agent task and capture visual proof."""

    session_result = agent_task.execute(agent_config)

    # Capture visual session recording
    replay = pagebolt_sdk.record_session(
        session_id=session_result.id,
        steps=session_result.actions,
        output_format="mp4"
    )

    # Store audit artifact
    store_audit_trail(
        session_id=session_result.id,
        video_url=replay.url,
        timestamp=datetime.now()
    )

    return session_result, replay.url

The video is your permanent audit artifact. If behavior is questioned — by compliance, internal review, or forensics after an incident — you have pixel-perfect proof.

Getting Started

  1. Identify critical agent workflows that handle sensitive data or transactions
  2. Add visual capture at session completion for those workflows
  3. Store videos with session metadata (timestamp, task description, outcome)
  4. Test it with an injected prompt — verify the video shows the deviation

Add forensic visual replay to your agent sessions

Frame-by-frame video of every agent session. 100 captures/month free — no credit card required.

Get API Key — Free