Perplexity’s Comet AI browser had a major security flaw that put users’ emails, passwords and banking data at risk
Posted on: Aug 26, 2025 07:08 IST | Posted by: Livemint
Perplexity's AI based net web browser Comet suffered from a john major exposure that potentially allowed badness actors to get access to sensitive data of users such as emails, banking passwords and other details through a technique called indirect prompt injection.
Notably, Comet is among a slew of new age AI based browsers that use large language models in order to follow tasks autonomously on user's begalf. Using its in-built AI, the browser is capable to completing tasks like summarizing web pages, emails, calendar events, managing tabs and even answer questions about the content on their screen.
However, a new research by Brave, rival browser company, has found a vulnerability in how Comet process webpage summarization requests. The researchers say that when clicked on “Summarize this webpage,” Comet feeds a part of the webpage directly into its LLM without distinguishing betwen the user's instruction and untrusted content from the webpage, this opens up the browser for indirect prompt injection.
Essentially, the attackers could embed indirect prompts inside of webpages like white text on a website they own, or content on even social media websites like Facebook and Reddit and Comets LLM may treat those indirect cues as if the user had actually asked for those instructions.
This vulnerability lets attackers trick the AI into fulfilling actions that the users never requested for. In a demo video, Brave showed how attackers could have used Comet to easily gain access to a user's Perplexity account by asking the AI to extract the user's personal email, requesting for an OTP from the company and logging into Gmail to access that OTP.
The researchers further state that the vulnerability in Comet could have been exploited to complete tasks like getting access to a user's banking data, extracting saved passwords or send sensitive information directly to attacker controlled server.
The Brave blogpost states that despite informing Perplexity of the vulnerability on 11 August, it had not been fixed by the time of publication of blogpost on 20 August.
The AI search startup in a statement to CNET, has now confirmed that the issue has now indeed been resolved.
Jesse Dwyer, Perplexity's head of communications told the publication, "This vulnerability is fixed…We have a pretty robust bounty program, and we worked directly with Brave to identify and repair it."
Global News Perspectives
In today's interconnected world, staying informed about global events is more important than ever. ZisNews provides news coverage from multiple countries, allowing you to compare how different regions report on the same stories. This unique approach helps you gain a broader and more balanced understanding of international affairs. Whether it's politics, business, technology, or cultural trends, ZisNews ensures that you get a well-rounded perspective rather than a one-sided view. Expand your knowledge and see how global narratives unfold from different angles.
Customizable News Feed
At ZisNews, we understand that not every news story interests everyone. That's why we offer a customizable news feed, allowing you to control what you see. By adding keywords, you can filter out unwanted news, blocking articles that contain specific words in their titles or descriptions. This feature enables you to create a personalized experience where you only receive content that aligns with your interests. Register today to take full advantage of this functionality and enjoy a distraction-free news feed.
Like or Comment on News
Stay engaged with the news by interacting with stories that matter to you. Like or dislike articles based on your opinion, and share your thoughts in the comments section. Join discussions, see what others are saying, and be a part of an informed community that values meaningful conversations.
Download the Android App
For a seamless news experience, download the ZisNews Android app. Get instant notifications based on your selected categories and stay updated on breaking news. The app also allows you to block unwanted news, ensuring that you only receive content that aligns with your preferences. Stay connected anytime, anywhere.
Diverse News Categories
With ZisNews, you can explore a wide range of topics, ensuring that you never miss important developments. From Technology and Science to Sports, Politics, and Entertainment, we bring you the latest updates from the world's most trusted sources. Whether you are interested in groundbreaking scientific discoveries, tech innovations, or major sports events, our platform keeps you updated in real-time. Our carefully curated news selection helps you stay ahead, providing accurate and relevant stories tailored to diverse interests.
No comments yet.