Perplexity's Comet browser faced prompt injection vuln

shadowwwind · August 24, 2025, 7:43am

Here is the blog post by brave with an example video: Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet | Brave

They created a reddit post, that when summarized by comet would make the agent open a separate website, sign up to that with an email address of the user and then go to gmail, get the signup token and post both the email and the signup token as a comment on the reddit post. Without any user interaction apart from the “summarize this page”

And they used a reddit post but a malicious website could use invisible text

anon57927519 · August 24, 2025, 10:10am

@shadowwwind was it vibe coded? 😆

Natha · August 24, 2025, 5:44pm

It was announced to be a privacy disaster. And yet, they still managed to make it worse than the release of GPT5.

Does Perplexity even have a safety team? This is such an easy exploit that I honestly don’t know if we should laugh or cry about it.

If it wasn’t obvious already, don’t use their browser. You would have a better time (and more privacy) walking around naked in your favourite city center instead.

Topic		Replies	Views
Unseeable prompt injections in screenshots: more vulnerabilities in Comet and other AI browsers General article , software	1	113	October 27, 2025
Prompt Injection in AI Browsers - Schneier on Security General	0	108	November 11, 2025
1Password and Perplexity Collaboration General	5	522	October 1, 2025
Top AI Tools Exposed to "Man‑in‑the‑Prompt" Browser Extension Attack News article	0	182	August 1, 2025
Brave adds experimental agentic AI browsing feature News	16	740	December 14, 2025

Perplexity's Comet browser faced prompt injection vuln

Related topics