CometJacking: Prompt Injection Attack Turns Perplexity’s Comet AI Browser Into a Data Exfiltration Vector
Researchers disclosed 'CometJacking,' a prompt injection attack targeting Perplexity's Comet AI browser that uses a malicious URL to hijack the AI assistant and exfiltrate sensitive data such as emails and calendar entries. The attack bypasses existing data protections using simple Base64 encoding and leverages the browser's authorized access to connected services, highlighting new security risks in AI-native browsers.
AI Analysis
Technical Summary
Researchers disclosed 'CometJacking,' a prompt injection attack targeting Perplexity's Comet AI browser that uses a malicious URL to hijack the AI assistant and exfiltrate sensitive data such as emails and calendar entries. The attack bypasses existing data protections using simple Base64 encoding and leverages the browser's authorized access to connected services, highlighting new security risks in AI-native browsers.
Potential Impact
The article provides detailed, original research on a novel attack vector against AI-native browsers, including technical details and mitigation insights, making it highly relevant and valuable for cybersecurity defenders.
Mitigation Recommendations
Defenders should evaluate and implement controls to detect and block malicious agent prompts in AI browsers, monitor for suspicious URL-based prompt injections, and enforce security-by-design principles for AI assistant memory and prompt handling.
CometJacking: Prompt Injection Attack Turns Perplexity’s Comet AI Browser Into a Data Exfiltration Vector
Description
Researchers disclosed 'CometJacking,' a prompt injection attack targeting Perplexity's Comet AI browser that uses a malicious URL to hijack the AI assistant and exfiltrate sensitive data such as emails and calendar entries. The attack bypasses existing data protections using simple Base64 encoding and leverages the browser's authorized access to connected services, highlighting new security risks in AI-native browsers.
AI-Powered Analysis
Technical Analysis
Researchers disclosed 'CometJacking,' a prompt injection attack targeting Perplexity's Comet AI browser that uses a malicious URL to hijack the AI assistant and exfiltrate sensitive data such as emails and calendar entries. The attack bypasses existing data protections using simple Base64 encoding and leverages the browser's authorized access to connected services, highlighting new security risks in AI-native browsers.
Potential Impact
The article provides detailed, original research on a novel attack vector against AI-native browsers, including technical details and mitigation insights, making it highly relevant and valuable for cybersecurity defenders.
Mitigation Recommendations
Defenders should evaluate and implement controls to detect and block malicious agent prompts in AI browsers, monitor for suspicious URL-based prompt injections, and enforce security-by-design principles for AI assistant memory and prompt handling.
Required Action
Defenders should evaluate and implement controls to detect and block malicious agent prompts in AI browsers, monitor for suspicious URL-based prompt injections, and enforce security-by-design principles for AI assistant memory and prompt handling.
Technical Details
- Community Item Id
- 68e2e7b547833ad03504d7fe
- Community Submitter Notes
- null
Threat ID: 68e2e7b547833ad03504d801
Added to database: 10/5/2025, 9:48:37 PM
Last enriched: 10/5/2025, 9:48:37 PM
Last updated: 1/7/2026, 9:22:40 AM
Views: 301
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign
MediumStriking Panda Attacks: APT31 Today
MediumKimsuky's Ongoing Evolution of KimJongRAT and Expanding Threats
MediumMobile Banking Malware bypassing WhatsApp, Telegram and Signal Encryption
MediumShadowRay 2.0: Active Global Campaign Hijacks Ray AI Infrastructure Into Self-Propagating Botnet
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.