Cybersecurity researchers have revealed a new attack called CometJacking, aimed at Perplexity’s Comet browser. This attack is based on injecting malicious prompts into seemingly harmless links, allowing the theft of sensitive data from connected services like Gmail and Calendar. The threat is activated by clicking on a crafted link, which causes the browser to execute a hidden prompt, capturing personal information and sending it to a server controlled by the attacker.
A very serious security problem
The investigation has highlighted how a single poisoned link can transform an AI browser, which is considered a trusted assistant, into an internal threat. Michelle Levy, head of security research at LayerX, stated that “it’s not just about stealing data; it’s about hijacking the agent that already has the keys”. This type of attack bypasses Perplexity’s data protection measures using simple obfuscation tricks like Base64 encoding.
The CometJacking attack operates in five steps: it is activated when a victim clicks on a malicious link, either in a phishing email or on a webpage. Instead of directing the user to the intended destination, the link instructs the Comet browser’s artificial intelligence to execute a hidden prompt that captures user data and sends it to an endpoint controlled by the attacker.
Despite the fact that Perplexity has categorized the findings as having “no impact on security,” the situation highlights the inherent vulnerabilities of native artificial intelligence tools. Organizations must review and improve controls to detect and neutralize these malicious prompts, as attacks can escalate into widespread campaigns, turning browsers into checkpoints within corporate networks.
