Perplexity’s Comet AI browser had a major security flaw that put users’ emails, passwords and banking data at risk

By Admin

26 Aug, 2025

AI-powered browsers are becoming the next frontier in web innovation, promising automation, smart assistance, and seamless online navigation. However, the latest findings from Brave have raised serious concerns about security in this fast-evolving space. Perplexity’s Comet AI browser, designed to handle tasks like summarizing web pages, emails, and managing online content, was recently found to have a major vulnerability that could have exposed sensitive user data including emails, passwords, and even banking details.

The Flaw in Comet’s AI Summarization

At the heart of the issue lies indirect prompt injection, a technique where attackers embed malicious instructions inside seemingly harmless webpage content. Comet’s AI model, when tasked with summarizing a webpage, failed to differentiate between user commands and hidden prompts inserted by attackers. This meant that if a user clicked “Summarize this webpage,” the AI could be manipulated into executing unintended instructions.

Brave’s researchers explained that unlike traditional web vulnerabilities, this flaw bypasses protections like same-origin policy (SOP) or cross-origin resource sharing (CORS). In essence, simple natural language embedded in a webpage could mislead the AI into carrying out dangerous actions on behalf of the attacker.

How Attackers Could Exploit It

The vulnerability gave malicious actors the ability to gain access to highly sensitive information. According to Brave’s demo, attackers could:

• Extract a user’s personal email.
  
  

• Request a one-time password (OTP) from Perplexity.
  
  

• Log into Gmail to retrieve the OTP.
  
  

• Access stored banking data and saved passwords.
  
  

• Send confidential information directly to attacker-controlled servers.
  
  

What made the flaw particularly alarming was that attackers didn’t need sophisticated exploits just cleverly hidden text on websites, including social media platforms like Facebook or Reddit, could have triggered unauthorized AI actions.

Brave’s Findings and Disclosure

Brave disclosed that it informed Perplexity of the vulnerability on August 11, but as of the publication of their blog post on August 20, the flaw had not yet been fixed. The situation drew attention because of the speed at which AI-based browsers are being adopted, and the serious implications of leaving such a vulnerability unpatched.

Perplexity’s Response

In response to the report, Perplexity confirmed to CNET that the vulnerability has since been resolved. Jesse Dwyer, Perplexity’s head of communications, stated:

“This vulnerability is fixed…We have a pretty robust bounty program, and we worked directly with Brave to identify and repair it.”

While the company acted after disclosure, the incident highlights the challenges of securing AI-powered tools that are designed to execute tasks autonomously.

What This Means for AI Browsers

The Comet vulnerability serves as a warning for the entire AI-browser ecosystem. As these tools become more capable of handling sensitive, user-level tasks, they also open up new attack surfaces that traditional web security policies cannot address. The growing reliance on AI assistants makes it critical for companies to adopt robust safeguards against prompt injection and other AI-specific vulnerabilities.

For users, this incident underscores the importance of staying vigilant when adopting emerging technologies, especially those that involve handling personal and financial data.