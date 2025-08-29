Perplexity's new AI-powered browser, Comet, was found to have a critical vulnerability that would have compromised users' most sensitive data, including email addresses, login credentials and even bank account information. The bug, first identified in a blog post by rival browser firm Brave last week, has since been fixed.

But it revealed the security threat generated by embedding artificial intelligence directly into web browsing. In contrast to typical browsers, Comet is built around an embedded AI assistant that can read webpages, summarise them and perform tasks for the user, CNET reported.

This kind of automation comes with a catch. Since the assistant relies on the large language models, which is the same technology used by ChatGPT, it can allegedly be tricked into executing malicious commands buried in ordinary webpages. This technique is called prompt engineering.

Brave's developers demonstrated the vulnerability by building a test Reddit page with an invisible text. When Comet was commanded to summarise the content that could be seen, its AI inadvertently complied with the hidden directions, opening up tester access to affiliated accounts.

The vulnerability allowed Comet to scrape information from a user's Perplexity account, extract an email address and even try to browse into a Gmail inbox, Brave said. Classical security software failed to prevent the AI as it was doing exactly what the user would do.

According to CNET, Perplexity's communications head Jesse Dwyer said that the vulnerability has been “fixed,” and added that they “worked directly with Brave to identify and repair it.”