CometJacking Attack Hijacks Perplexity AI Browser to Steal User Data
A malicious URL exploit turns Perplexity's Comet AI browser into a data thief, exfiltrating emails, calendar, and memory via encoded payloads.
Cybersecurity researchers have uncovered a new attack called CometJacking, which targets Perplexity's AI-powered browser, Comet. The attack leverages malicious prompts hidden within seemingly harmless links to siphon sensitive data, including emails, calendar entries, and user memory. This exploit bypasses Perplexity's security measures using Base64-encoding tricks, turning the AI browser into an unwitting data thief.
How CometJacking Works
The attack unfolds in five steps:
- A victim clicks on a specially crafted URL, delivered via phishing or embedded in a webpage.
- Instead of navigating to the intended destination, the URL triggers Comet's AI to execute a hidden prompt.
- The AI captures data from connected services like Gmail and Calendar.
- The stolen data is obfuscated using Base64 encoding.
- The encoded payload is sent to an attacker-controlled endpoint.
Michelle Levy, Head of Security Research at LayerX, warned, "This isn't just about stealing data; it's about hijacking the agent that already has the keys." The attack exploits Comet's trusted status, as it already has authorized access to user accounts.
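A defender-side check for the last two steps, added here as an illustration and not taken from LayerX's report or any vendor's code: it scans outbound URLs for query values that decode from Base64 into mailbox- or calendar-like text bound for a host outside an allowlist. The allowlist, the keyword heuristics and the sample URLs are constructed assumptions.

```python
import base64
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: hosts this organisation expects the browser to send user data to.
ALLOWED_HOSTS = {"mail.google.com", "calendar.google.com", "www.perplexity.ai"}
B64_RE = re.compile(r"^[A-Za-z0-9+/_-]{24,}={0,2}$")
# Assumed heuristics for mailbox or calendar content in decoded text.
SENSITIVE_RE = re.compile(r"[\w.+-]+@[\w-]+\.\w+|\b(subject|from|invite|meeting)\b", re.I)


def decode_b64(value):
    """Return decoded text if value is Base64 (standard or URL-safe) of text, else None."""
    value = value.replace(" ", "+")  # parse_qsl turns a raw '+' into a space
    if not B64_RE.match(value):
        return None
    padded = value + "=" * (-len(value) % 4)
    try:
        raw = base64.b64decode(padded.replace("-", "+").replace("_", "/"), validate=True)
        text = raw.decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if all(c.isprintable() or c in "\r\n\t" for c in text) else None


def flag_exfil(url):
    """Return (host, parameter, decoded preview) for each suspicious query value."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in ALLOWED_HOSTS:
        return []
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        text = decode_b64(value)
        if text and SENSITIVE_RE.search(text):
            findings.append((host, name, text[:60]))
    return findings


# Constructed sample data standing in for proxy-log URLs; not captured traffic.
SAMPLE_TEXT = "From: alice@example.com\nSubject: Q3 board meeting"
SAMPLE_URLS = [
    "https://collector.example.net/c?d=" + base64.urlsafe_b64encode(SAMPLE_TEXT.encode()).decode(),
    "https://cdn.example.org/app.js?v=8f3a9c1e7b2d4f60a1c5e9d27b4830af",  # hex cache-buster
    "https://mail.google.com/sync?blob=" + base64.b64encode(SAMPLE_TEXT.encode()).decode(),
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(flag_exfil(u) or "clean", "<-", u[:50])
```

The third sample URL is skipped only because its host is on the allowlist, so the check is only as strong as that list; Base64 is an encoding, not encryption, which is why decoding at the egress point recovers the content.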
Perplexity's Response and Broader Implications
Perplexity has dismissed the findings as having "no security impact," but experts argue that AI-native tools introduce new risks. Earlier this year, Guardio Labs revealed Scamlexity, a similar attack tricking AI browsers into interacting with phishing pages.
Or Eshed, CEO of LayerX, emphasized, "AI browsers are the next enterprise battleground." Organizations are urged to implement controls to detect and neutralize malicious prompts before widespread exploitation occurs.
For more details on the research, visit LayerX's report.
About the Author

Dr. Sarah Chen
AI Research Expert
A seasoned AI expert with 15 years of research experience, formerly worked at Stanford AI Lab for 8 years, specializing in machine learning and natural language processing. Currently serves as technical advisor for multiple AI companies and regularly contributes AI technology analysis articles to authoritative media like MIT Technology Review.