Perplexity’s AI Browser Comet Put Users At Serious Data Risks: Rival Firm Brave

Perplexity's new browser, Comet, had a vulnerability that allowed stealthy prompts to deceive its AI assistant into leaking sensitive user data.

Perplexity's Comet was fixed after a vulnerability leaked sensitive user data. (Photo source: Pixabay)

Perplexity's new AI-powered browser, Comet, was found to have a critical vulnerability that would have compromised users' most sensitive data, including email addresses, login credentials and even bank account information. The bug, first identified in a blog post by rival browser firm Brave last week, has since been fixed.

But it revealed the security risk created by embedding artificial intelligence directly into web browsing. Unlike typical browsers, Comet is built around an embedded AI assistant that can read webpages, summarise them and perform tasks for the user, CNET reported.

This kind of automation comes with a catch. Since the assistant relies on large language models, the same technology used by ChatGPT, it can allegedly be tricked into executing malicious commands buried in ordinary webpages. This technique is called prompt injection.

Brave's developers demonstrated the vulnerability by building a test Reddit page containing invisible text. When Comet was asked to summarise the visible content, its AI inadvertently followed the hidden instructions, giving the testers access to affiliated accounts.

The vulnerability allowed Comet to scrape information from a user's Perplexity account, extract an email address and even try to navigate to a Gmail inbox, Brave said. Conventional security software failed to stop the AI because it was doing exactly what the user would do.

According to CNET, Perplexity's communications head Jesse Dwyer said that the vulnerability has been “fixed,” and added that they “worked directly with Brave to identify and repair it.”

Nevertheless, Brave experts caution that the consequences extend far beyond lab experiments. In theory, such prompt injection could be used to take over corporate systems, bank accounts or private communications.

In the blog post, Brave emphasised that AI browsers need to implement more stringent precautions. These include treating all page content as potentially malicious, requiring the AI to check at all times that it is acting according to user intent, and allowing automated browsing capabilities only when a user specifically asks for them.
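
One way an assistant's action pipeline could enforce these precautions, as an added example that is not taken from Brave's post or Perplexity's code. The `gateAction` function, the task and action shapes and the sample URLs are assumptions made for illustration.

```javascript
// Added example: all names (gateAction, task, action) are hypothetical.
// The task object is built ONLY from what the user typed and the tab they
// are on; text extracted from the page never writes to it (page content is
// treated as untrusted data, not as instructions).

const SENSITIVE = new Set(["fill_form", "submit_form", "send_message"]);

function originOf(url) {
  try {
    return new URL(url).origin;
  } catch {
    return null; // malformed URL proposed by the model
  }
}

// Decide what to do with an action the model proposes after reading a page.
function gateAction(task, action) {
  const origin = originOf(action.url);
  if (origin === null) {
    return { decision: "deny", reason: "malformed target URL" };
  }
  // Automated browsing is allowed only when the user explicitly asked for it.
  if (action.type !== "read_page" && !task.agenticRequested) {
    return { decision: "deny", reason: "user did not ask for automated browsing" };
  }
  // The action must stay within the origins the user's request covers.
  if (!task.origins.includes(origin)) {
    return { decision: "deny", reason: `${origin} is outside the user's request` };
  }
  // In-scope but state-changing actions still go back to the user.
  if (SENSITIVE.has(action.type)) {
    return { decision: "confirm", reason: "state-changing action" };
  }
  return { decision: "allow", reason: "within user intent" };
}

// Constructed scenario: the user asks for a summary of a Reddit thread, and
// the model, having read hidden page text, proposes opening a mail inbox.
const summariseTask = {
  agenticRequested: false,
  origins: ["https://www.reddit.com"],
};
const injected = { type: "navigate", url: "https://mail.google.com/mail/" };
console.log(gateAction(summariseTask, injected));
```

The gate runs outside the model, so hidden text that changes what the model proposes cannot change what is permitted.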

The results are part of a broader set of posts from Brave analysing the struggles of AI-integrated browsers, CNET reported. Brave itself has its own assistant, Leo, and admitted that AI utilities are convenient but create new entry points for hackers.

The broader issue is that AI models can be attacked not by sophisticated coding, but by intricately designed natural language commands. That is, attackers do not have to be skilled programmers anymore to take advantage of vulnerabilities.

And because many firms depend on the same foundational AI systems developed by OpenAI, Google and Meta, a single vulnerability could ripple across the entire industry, according to CNET.
