Perplexity AI’s Comet AI browser, launched as an advanced AI-powered web assistant, has quickly come under fire after researchers at Brave Browser discovered a major vulnerability. Marketed as an agentic browsing tool capable of reading, summarizing, and executing tasks across the internet, Comet instead became an entry point for attackers through a prompt injection attack—a new class of AI hacking technique that could compromise sensitive data.
The Comet AI hack didn’t rely on traditional malware or phishing. Instead, attackers embedded malicious hidden commands within harmless-looking web content such as Reddit spoiler tags. These instructions tricked the AI agent into executing harmful actions—like stealing user credentials or forwarding one-time passwords—without the user’s knowledge. Unlike standard cybersecurity attacks, this breach targeted the AI system itself rather than the end user.
Brave Security’s Findings
Brave’s security team highlighted that Comet blurred the boundary between user intent and untrusted web data. Without strict separation, the AI agent could be manipulated by malicious prompts embedded in web pages. Even after Perplexity issued a security patch, Brave’s retesting revealed persistent loopholes. On August 20, 2025, Brave disclosed that the fixes were incomplete, warning that agentic browsing introduces unique AI security risks.
Why AI Browsers Face New Cybersecurity Challenges
Traditional web browsers operate within sandboxing and permission models, but AI-driven browsers like Comet break those assumptions. Since AI agents interpret natural language, they can be misled by prompt injections disguised as legitimate content. Security gaps identified include:
● No separation between user prompts and website commands
● Weak alignment checks to confirm user intent
● Lack of strong confirmation mechanisms for sensitive tasks
● Bigger Implications for AI Security
The Comet AI browser hack serves as a wake-up call for the future of AI browsing and cybersecurity. It shows how AI vulnerabilities can reshape the cyber threat landscape, where a single hidden sentence could manipulate entire browsing sessions. For Perplexity, the breach is more than a technical setback—it’s a trust issue. As AI-powered assistants increasingly become mainstream, building robust AI security frameworks, ensuring data privacy protection, and maintaining user trust in AI systems will be the defining challenges for the industry.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
