- A new attack named CometJacking targets Perplexity‘s agentic AI browser Comet via malicious embedded prompts.
- The attack uses a deceptive link to extract sensitive data from connected services like email and calendar.
- CometJacking bypasses existing data protection by using simple Base64-encoding for data exfiltration.
- The attack requires no credential theft since the browser already has authorized access to user accounts.
- Experts warn AI-enabled browsers pose new security threats that need built-in protections for prompt and memory handling.
Cybersecurity experts have revealed details of a newly identified attack called CometJacking, which exploits Perplexity‘s AI-powered browser, Comet. This method uses malicious prompts hidden inside seemingly harmless links to steal sensitive data from services linked to the browser, such as email and calendar.
The attack unfolds when a user clicks a specially crafted URL that triggers the browser’s AI to execute a hidden command. This command gathers private information from connected accounts, encodes the data with Base64 (a simple text encoding method), and sends it to a server controlled by the attacker. The entire process bypasses standard protections as it does not involve stealing user credentials, relying instead on the browser’s existing authorized access.
Michelle Levy, Head of Security Research at LayerX, said, “CometJacking shows how a single, weaponized URL can quietly flip an AI browser from a trusted co-pilot to an insider threat.” She added, “Our research proves that trivial obfuscation can bypass data exfiltration checks and pull email, calendar, and connector data off-box in one click.” Levy emphasized the need for AI browsers to incorporate security throughout their design, especially around agent prompts and memory access, not just web page content.
The malicious link uses their “collection” parameter to instruct the AI agent to access stored prompts, avoiding real-time web searches. While Perplexity has stated their findings pose “no security impact,” the incident raises concerns about new vulnerabilities inherent in AI-native tools. These risks challenge traditional defenses and highlight how attackers could misuse AI assistants within browsers.
This follows a 2020 attack called Scamlexity, disclosed by Guardio Labs, which showed how browsers like Comet could be manipulated into interacting with phishing or fake shopping sites without user knowledge. Or Eshed, CEO of LayerX, noted, “AI browsers are the next enterprise battleground,” and urged organizations to actively develop systems to detect and block malicious AI prompts before such attacks become common.
For more information on the attack, see the full report at LayerX’s blog.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Wells Fargo: US Dollar’s Reserve Status Safe Despite BRICS Push
- Stablecoin Market Hits $300B, Signals Potential Crypto Rally
- Jamie Dimon Warns US Dollar Reserve Status at Risk Over Mismanagement
- Bitcoin Hits $124K High as Trump Floats $2,000 Tariff Dividend
- Ethereum’s Fusaka Upgrade Promises Lower Costs, Greater Efficiency
