Perplexity's Comet Browser Hacked, Massive User Data Exposed

Perplexity’s Comet Browser Hit by Flaw: Brave Warns of AI Security Risks
Written By: Somatirtha
Reviewed By: Shovan Roy

When Perplexity AI rolled out its Comet browser last July, it marketed the tool as a breakthrough, a web-navigating AI assistant that could not only browse but also act on behalf of users anywhere on the web. Just a few weeks later, researchers at Brave disclosed a vulnerability that demonstrated the speed at which such progress can become hazardous.

So What Was the Vulnerability?

The news that the Comet browser had been hacked raised serious concerns about user privacy and online protection. Unlike traditional bugs, the weakness wasn’t in Comet’s code but in how its AI interpreted instructions. Brave’s team uncovered a technique called indirect prompt injection. By hiding malicious commands inside ordinary-looking web content, say, a Reddit spoiler tag, attackers could trick Comet into following their directions instead of the user’s.

Comet Browser continues to attract users with its speed and unique features, despite growing competition. In a test, Comet was tricked into stealing a user’s one-time password and sending it elsewhere. Most importantly, the user didn’t need to click on a phishing link or install malware. Loading a webpage alone allowed the AI to operate against the user’s interests.

How Did Perplexity React?

Brave disclosed the vulnerability on July 25, 2025. Two days later, Perplexity responded with a patch, but Brave deemed the solution inadequate. More back-and-forth ensued, with Perplexity finally announcing on August 13 that the issue was resolved. 

However, Brave’s August 20 disclosure painted another picture: there were still exploitable loopholes. The incident indicated that Comet’s security model had holes in handling the threat posed by AI-powered browsing.

Why Had Current Protections Failed?

Many users compare Brave Browser with other privacy-focused options to decide which best fits their needs. Conventional browsers run in strict sandboxes and permission constraints, making actions deterministic and bound to explicit user intention. 

Comet upended that assumption. Its AI was programmed to understand natural language, which means that ill-intentioned text instructions could be confused with user requests.

Brave Identified Three Principal Gaps:

  • No distinct delineation between user input and untrusted web content

  • No persistent verification to ensure actions matched the user’s purpose

  • Flimsy confirmation mechanisms for sensitive activities like emailing or bypassing warnings

Strong Comet browser security measures are essential to regain user confidence after recent breaches. In short, the AI was too ready to believe the text it found online.


What Does That Portend for the Future Of AI Browsers?

The Comet exploit highlights a larger issue: browsing with AI changes the danger landscape. One injected line of text can change an agent’s behavior across applications, potentially revealing personal information or provoking dangerous actions.

It also illustrates a transparency gap. Brave’s Leo assistant operates in an open-source browser with native controls, while Comet is proprietary, making it more difficult for outsiders to verify patches.

Brave has suggested a stricter separation between prompts and content, more aggressive alignment checks, and privileged mode handling of agentic browsing. But researchers caution these are ‘necessary, not sufficient.’
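The three gaps listed above map onto a deterministic gate that sits between the model and the browser. The sketch below is an added example, not code from Brave or Perplexity; the action names, the `Task` scope model and the sample plan are hypothetical and constructed for illustration.

```python
import re
from dataclasses import dataclass

# Hypothetical action vocabulary; not Comet's or Brave's real interface.
SENSITIVE = {"send_email", "submit_form"}      # always need a human "yes"
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

@dataclass(frozen=True)
class Action:
    kind: str
    target: str = ""          # URL or address the action touches

@dataclass(frozen=True)
class Task:
    user_request: str         # trusted channel: what the user typed
    allowed_kinds: frozenset  # scope derived from that request alone

def task_from_user(request: str) -> Task:
    """Build the permitted scope from the user's words, never from page text."""
    kinds = {"read_page"}
    if re.search(r"\b(e-?mail|send)\b", request, re.I):
        kinds.add("send_email")
    return Task(request, frozenset(kinds))

def gate(task: Task, action: Action, confirm) -> str:
    """Deterministic check applied to every action the model proposes."""
    if action.kind not in task.allowed_kinds:             # matches user purpose?
        return "deny: outside what the user asked for"
    if (action.kind == "send_email"
            and action.target not in EMAIL_RE.findall(task.user_request)):
        return "deny: recipient not named by the user"    # user input vs. content
    if action.kind in SENSITIVE and not confirm(action):  # explicit confirmation
        return "deny: user declined"
    return "allow"

def review(request: str, plan: list, confirm) -> list:
    task = task_from_user(request)
    return [gate(task, a, confirm) for a in plan]

# Constructed plan: what a planner might emit after reading a page that
# carries hidden instructions (the model's output is treated as untrusted).
TAINTED_PLAN = [
    Action("read_page", "https://forum.example/thread/1"),
    Action("open_other_site", "https://mail.example/inbox"),
    Action("send_email", "collector@example.net"),
]

if __name__ == "__main__":
    verdicts = review("Summarize this page", TAINTED_PLAN, lambda a: False)
    for action, verdict in zip(TAINTED_PLAN, verdicts):
        print(f"{action.kind:16} {verdict}")
```

The gate never inspects page text for "bad" instructions; it only compares proposed actions against scope taken from the trusted channel, which is why it still holds when the model itself has been steered.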

Can We Trust Comet Browser?

For Perplexity, the Comet breach is a reminder that the AI contest is not about speed or glitzy features. Trust will determine if AI browsers go mainstream, and trust, as the Comet situation demonstrates, can prove to be the most difficult feature to engineer.
