When AI Assistants Meet Hidden Threats: The Perplexity Comet Vulnerability Explained

Brave AI researchers have uncovered a critical security flaw in Perplexity’s Comet browser that exposes a fundamental weakness in how modern AI assistants process web content. The vulnerability reveals how attackers can embed concealed instructions within webpages to manipulate the AI into executing unintended operations and potentially exposing sensitive user information.

How the Attack Works

The security issue centers on Comet’s inability to distinguish between legitimate page content and malicious hidden commands. When researchers tested the system by asking the AI assistant to summarize Reddit posts laced with embedded instructions, the AI faithfully executed those hidden directives. This demonstrates that the browser’s architecture lacks adequate safeguards to prevent prompt injection attacks—a technique where attackers inject commands through seemingly normal web content.

The Patch Doesn’t Tell the Full Story

Perplexity acknowledged the issue and claimed to have implemented fixes, stating that no actual user data was compromised. However, Brave’s security team maintains that the underlying vulnerability persists weeks after the purported patch. Their research suggests the fix addressed only surface-level symptoms rather than the architectural deficiencies that enable such attacks in the first place.

Why This Matters for Users

This discovery raises serious questions about how AI browsers handle untrusted content. Unlike traditional browsers that primarily render visual elements, AI-powered browsers execute semantic analysis on page content, creating new vectors for exploitation. The incident highlights that Comet’s current design framework remains vulnerable to more sophisticated variations of this attack, posing ongoing risks to user privacy and data security.

The Brave AI team’s findings serve as a reminder that as AI integration deepens in browser technology, security paradigms must evolve accordingly.