Security researchers have uncovered several Perplexity Comet vulnerabilities affecting the company’s new AI-powered browser. The flaws highlight how agentic browsers introduce new security risks when automated assistants interact with web content.
Comet integrates an AI agent directly into the browsing environment. The assistant can summarize pages, retrieve information, and perform tasks across different websites. These capabilities promise greater productivity, but they also create new attack paths when malicious content manipulates the AI’s behavior.
Researchers demonstrated multiple exploitation scenarios. These include zero-click attacks, data exposure, and potential account takeover attempts.
Zero-Click Exploit Can Expose Local Files
The most serious issue involves a zero-click exploit that targets Comet’s automated browsing agent. Attackers can embed malicious instructions inside web content that the AI assistant processes automatically.
In the demonstrated attack scenario, the AI agent retrieves sensitive information stored on the victim’s device. The browser then transmits that information to a remote server controlled by the attacker.
Traditional browsers restrict direct access to local files. However, AI agents operate with elevated privileges because they act on behalf of the user. This design creates a new security boundary that attackers may exploit.
Researchers showed that a user could trigger the exploit simply by visiting a malicious page. No additional interaction was required.
Prompt Injection Manipulates the AI Agent
The vulnerabilities rely heavily on prompt injection techniques. These attacks hide malicious instructions inside normal webpage content.
When the AI assistant reads the page, it may treat those instructions as legitimate commands. The browser agent then executes actions that the user never intended.
Prompt injection attacks can instruct the AI to reveal sensitive data, navigate to attacker-controlled sites, or send information outside the system. Because the instructions appear inside ordinary webpage content, detecting them becomes extremely difficult.
Security researchers warn that prompt injection remains one of the biggest unresolved risks in AI-driven applications.
Integrated Services Increase Account Risks
Comet also allows users to connect external services and applications. The AI assistant can interact with these services to automate workflows and retrieve information.
This integration increases convenience but also expands the attack surface. Malicious prompts may instruct the AI to access connected accounts or extract authentication data.
Researchers demonstrated scenarios where attackers could attempt to retrieve login credentials or security tokens. In some cases, this behavior could allow attackers to escalate the attack toward account takeover.
These risks become more serious when the browser integrates productivity tools, email services, or password managers.
Agentic Browsers Expand the Threat Surface
The vulnerabilities illustrate a broader security challenge facing agentic browsers.
Traditional browsers act mainly as content viewers. They display web pages while limiting the actions those pages can perform. AI browsers operate differently because they actively perform tasks on behalf of users.
This shift changes how attackers approach exploitation. Instead of targeting browser code directly, attackers manipulate the AI system that controls automated actions.
As more companies experiment with AI-driven browsing assistants, the number of potential attack scenarios will likely increase.
Security researchers emphasize the need for stronger safeguards. These include stricter permission boundaries, improved filtering of webpage instructions, and clearer separation between trusted prompts and untrusted content.
Conclusion
The newly discovered Perplexity Comet vulnerabilities highlight the emerging risks associated with AI-powered browsers. Zero-click exploits, prompt injection attacks, and credential exposure scenarios demonstrate how automated agents can become powerful attack vectors.
AI browsers promise a faster and more efficient online experience. However, these tools must evolve alongside stronger security controls.
Without robust protections, the automation that makes agentic browsers useful could also create new opportunities for cybercriminals.
0 responses to “Perplexity Comet Vulnerabilities Expose Risks in AI Agent Browser”