CometJacking Attack Hijacks Perplexity AI Browser to Steal User Data
A malicious URL exploit turns Perplexity's Comet AI browser into a data thief, exfiltrating emails, calendar, and memory via encoded payloads.
Cybersecurity researchers have uncovered a new attack called CometJacking, which targets Perplexity's AI-powered browser, Comet. The attack leverages malicious prompts hidden within seemingly harmless links to siphon sensitive data, including emails, calendar entries, and user memory. This exploit bypasses Perplexity's security measures using Base64-encoding tricks, turning the AI browser into an unwitting data thief.
How CometJacking Works
The attack unfolds in five steps:
- A victim clicks on a specially crafted URL, delivered via phishing or embedded in a webpage.
- Instead of navigating to the intended destination, the URL triggers Comet's AI to execute a hidden prompt.
- The AI captures data from connected services like Gmail and Calendar.
- The stolen data is obfuscated using Base64 encoding.
- The encoded payload is sent to an attacker-controlled endpoint.
Michelle Levy, Head of Security Research at LayerX, warned, "This isn't just about stealing data; it's about hijacking the agent that already has the keys." The attack exploits Comet's trusted status, as it already has authorized access to user accounts.
Perplexity's Response and Broader Implications
Perplexity has dismissed the findings as having "no security impact," but experts argue that AI-native tools introduce new risks. Earlier this year, Guardio Labs revealed Scamlexity, a similar attack tricking AI browsers into interacting with phishing pages.
Or Eshed, CEO of LayerX, emphasized, "AI browsers are the next enterprise battleground." Organizations are urged to implement controls to detect and neutralize malicious prompts before widespread exploitation occurs.
For more details on the research, visit LayerX's report.
Follow The Hacker News for updates on emerging cybersecurity threats.
Related News
AWS extends Bedrock AgentCore Gateway to unify MCP servers for AI agents
AWS announces expanded Amazon Bedrock AgentCore Gateway support for MCP servers, enabling centralized management of AI agent tools across organizations.
CEOs Must Prioritize AI Investment Amid Rapid Change
Forward-thinking CEOs are focusing on AI investment, agile operations, and strategic growth to navigate disruption and lead competitively.
About the Author
Dr. Sarah Chen
AI Research Expert
A seasoned AI expert with 15 years of research experience, formerly worked at Stanford AI Lab for 8 years, specializing in machine learning and natural language processing. Currently serves as technical advisor for multiple AI companies and regularly contributes AI technology analysis articles to authoritative media like MIT Technology Review.