They created a Reddit post that, when summarized by Comet, would make the agent open a separate website, sign up to that with an email address of the user and then go to Gmail, get the signup token and post both the email and the signup token as a comment on the Reddit post. Without any user interaction apart from the “summarize this page”.
And they used a Reddit post, but a malicious website could use invisible text.
It was announced to be a privacy disaster. And yet, they still managed to make it worse than the release of GPT5.
Does Perplexity even have a safety team? This is such an easy exploit that I honestly don’t know if we should laugh or cry about it.
If it wasn’t obvious already, don’t use their browser. You would have a better time (and more privacy) walking around naked in your favourite city center instead.