How prompt injections embedded in websites can arbitrarily change the behaviour of AI based browsers and how this can be exploited to create phishing scams and spread misinformation.