frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

I built an AI browser with prompt-injection defense at 16 on an i5 with 8GB RAM

3•latestinssan•2h ago
URL: https://github.com/Preet3627/Comet-AI

TEXT: Hey HN, I'm Preet, 16 years old, and I've been building Comet AI Browser for the past 2 months while preparing for JEE. I want to be upfront about what this is and what it isn't. What it is: A cross-platform AI browser (Windows/macOS/Linux/Android/iOS) with a security architecture I couldn't find anywhere else. Most AI browsers trust LLM guardrails to prevent prompt injection. Comet doesn't — it enforces isolation at the system level:

The agent perceives pages via OCR only, never parsing raw HTML/JS. Injected scripts are invisible to it by design. A syntactic firewall strips dangerous primitives (rm -rf, powershell.exe, sudo) before anything reaches the LLM. Native OS actions require explicit human authorization — the AI generates intent, not execution.

I demonstrated a live prompt injection attack against it on YouTube: https://youtu.be/PRcE_O1oXIE Benchmarks (all on the same i5-U, 8GB RAM, SATA SSD I developed on):

Speedometer 3.1: 12ms mean, ±1ms variance BrowserAudit security score: 398/409 Adblock score: 100%

The Speedometer result surprised me too. The ±1ms variance matters more than the raw number — it means the Chromium CEF integration isn't fighting Electron overhead under load. What's working:

Multi-provider AI routing (GPT, Claude, Gemini, Groq, Ollama local) AI Action Chain engine with multi-hop research and memory persistence Cross-device sync via WiFi/Bluetooth/QR — phone controls desktop, home screen widgets trigger desktop actions Cross-app OCR clicking (natural language commands work across all applications) 8-layer OS authorization with zero-knowledge cloud verification for dangerous operations CI/CD pipeline producing 5 platform binaries per release

What it isn't: Production ready. It's a functional beta with known stability issues (context loss between agent steps, some empty extractions). The Electron base is also on the roadmap to replace with native Chromium. Built on: Electron 40 + Next.js 16 + React 19 (desktop), Flutter/Dart (mobile) MIT licensed, all source on GitHub. Happy to answer questions about the security architecture specifically — that's the part I'm most uncertain whether I got right, and honest feedback from people who know this space would genuinely help.

Can Elon Musk run AI in space?

https://www.economist.com/insider/inside-tech/can-elon-musk-really-run-ai-in-space
1•andsoitis•1m ago•0 comments

Show HN: Vis Pro – A Formula-Based Workout Program Editor

https://vis.fitness/pro
1•strongpigeon•2m ago•0 comments

Revisiting the Steam Controller

https://callmeo.live/blog/revisiting-the-steam-controller/
1•speckx•3m ago•0 comments

Opus 4.6 completed the Blender Donut Tutorial by watching it on YouTube

https://old.reddit.com/r/ClaudeAI/comments/1rdir26/i_had_opus_46_complete_the_entire_blender_donut/
1•bpierre•3m ago•0 comments

Devin 2.2

https://twitter.com/cognition/status/2026343816521994339
2•tosh•5m ago•0 comments

Show HN: Imsg-TUI – A Console App for Sending and Receiving iMessages

https://github.com/plotfi/imsg-tui
1•zer0zzz•5m ago•0 comments

Host Leadership

https://martinfowler.com/bliki/HostLeadership.html
1•rahimnathwani•5m ago•0 comments

Claude Code Remote Control

https://twitter.com/noahzweben/status/2026371260805271615
1•mfiguiere•6m ago•0 comments

Manjaro website off-line again due to lapsed certificate

https://distrowatch.com/dwres.php?resource=showheadline&story=20140
1•hexagonsuns•6m ago•0 comments

Agents of Chaos: a red team study of autonomous LLM agents with full access

https://www.researchgate.net/publication/401123335_Agents_of_Chaos
2•felineflock•7m ago•0 comments

Show HN: Datapoint – replacing mobile ads with data labelling tasks

https://trydatapoint.com/blog-page
1•chancemehmu•7m ago•0 comments

What spec-driven development gets wrong

https://www.augmentcode.com/blog/what-spec-driven-development-gets-wrong
1•thesleepypanda•7m ago•0 comments

npm i chat – One codebase, every chat platform

https://vercel.com/changelog/chat-sdk
1•MaxLeiter•8m ago•0 comments

The vulnerability of aging states (2023)

https://www.pnas.org/doi/10.1073/pnas.2218834120
1•measurablefunc•8m ago•0 comments

Show HN: Open-source EU AI Act compliance layer for AI agents (8/2026 deadline)

1•shotwellj•9m ago•0 comments

Continuous inhalation of essential oil increases gray matter volume in the brain

https://pubmed.ncbi.nlm.nih.gov/38331299/
1•rdgthree•9m ago•0 comments

Influencers are promoting peptides for better health. What does the science say?

https://www.npr.org/2026/02/23/nx-s1-5716162/peptides-science-muscle-growth-longevity-wellness
1•ck2•10m ago•0 comments

I got my phone bill down to $6.25/month after years of overpaying

1•huntsmans•10m ago•0 comments

Add drip email system with onboarding and coverage milestone emails

1•nishiohiroshi•10m ago•0 comments

Agents of Chaos

https://arxiv.org/abs/2602.20021
2•wslh•11m ago•0 comments

Show HN: GenogramAI – Create Genograms in Seconds

1•veritas9•11m ago•0 comments

Use Lyria 3 to create music tracks in the Gemini app

https://blog.google/innovation-and-ai/products/gemini-app/lyria-3/
1•bookofjoe•12m ago•0 comments

Show HN: Tools Are Lying to You

https://cloudstreet-dev.github.io/Your-Tools-Are-Lying-to-You/
2•DavidCanHelp•13m ago•1 comments

Show HN: Recall – A personal CRM you use over text messages

https://www.recall.life/
1•kyledotkyle•14m ago•0 comments

TAWS – The Amiga Workbench Simulation 0.40

https://www.taws.ch/WB.html
1•doener•14m ago•0 comments

Reframed – Open-source alternative to Screen Studio, have editor, auto-zoom

https://github.com/jkuri/Reframed
2•jkuri•15m ago•0 comments

Show HN: MacCoolinator – Putting the "Cool" in Mac

https://github.com/corylevine/MacCoolinator
2•coryxrx•15m ago•0 comments

Inequality aversion can be taught through learning of others' preferences

https://elifesciences.org/articles/102800
1•PaulHoule•16m ago•0 comments

simple timezone tracker

https://time.yaosamo.com/
1•yaosamo•16m ago•0 comments

The whole point of OpenAI's Responses API is to help them hide reasoning traces

https://www.seangoedecke.com/responses-api/
2•dkleinest•17m ago•0 comments