DMR News

Security Flaw in Perplexity’s Comet AI Browser Exposed Users to Risk

By Hilary Ong

Sep 6, 2025

Perplexity’s new AI-powered browser, Comet, recently suffered from a security flaw that could have left users open to phishing scams. The vulnerability was first identified by competing browser maker Brave, which alerted Perplexity to the issue. Perplexity has since confirmed that the flaw was patched in coordination with Brave.

How the Attack Worked

The vulnerability centered on Comet’s built-in AI assistant, which scans and summarizes web pages for users. Brave researchers demonstrated that malicious actors could exploit this feature using “invisible prompts” — hidden text embedded within web content that tricks the AI into revealing sensitive user information.

In a test, Brave created a Reddit page with hidden text and asked Comet to summarize it. The AI assistant processed the malicious instructions and was tricked into exposing user details, including access to personal accounts such as Gmail.

Broader Risks of AI-Driven Tools

The flaw highlights a wider issue with generative AI technologies: they can be manipulated through prompt engineering in ways that traditional systems are not. Threat actors are increasingly using AI platforms to launch scams, including phishing campaigns. Security experts warn that such risks will continue to grow as AI tools become more deeply integrated into web browsing and everyday applications.

Generative AI services across the industry — including chatbots and productivity tools — have already been prime targets for hackers, making vigilance around their security essential.

Perplexity confirmed that it worked closely with Brave to fix the flaw and stressed that user security is a priority. However, the incident underscores how even new platforms marketed as cutting-edge can still face serious vulnerabilities if security safeguards are not rigorously tested.

Author’s Opinion

While Comet’s vulnerability has been patched, the bigger concern is how fast AI browsers are being pushed into the market without adequate safeguards. Companies often prioritize flashy features like instant summaries and AI-driven productivity, but attackers only need one weak spot to exploit. If AI browsers are to gain mainstream trust, developers must treat security as a core design principle, not an afterthought.

