CometJacking: Prompt Injection Attack Turns Perplexity’s Comet AI Browser Into a Data Exfiltration Vector
Researchers disclosed 'CometJacking,' a prompt injection attack targeting Perplexity's Comet AI browser that uses a malicious URL to hijack the AI assistant and exfiltrate sensitive data such as emails and calendar entries. The attack bypasses existing data protections using simple Base64 encoding and leverages the browser's authorized access to connected services, highlighting new security risks in AI-native browsers.
AI Analysis
Technical Summary
Researchers disclosed 'CometJacking,' a prompt injection attack targeting Perplexity's Comet AI browser that uses a malicious URL to hijack the AI assistant and exfiltrate sensitive data such as emails and calendar entries. The attack bypasses existing data protections using simple Base64 encoding and leverages the browser's authorized access to connected services, highlighting new security risks in AI-native browsers.
Potential Impact
The article provides detailed, original research on a novel attack vector against AI-native browsers, including technical details and mitigation insights, making it highly relevant and valuable for cybersecurity defenders.
Mitigation Recommendations
Defenders should evaluate and implement controls to detect and block malicious agent prompts in AI browsers, monitor for suspicious URL-based prompt injections, and enforce security-by-design principles for AI assistant memory and prompt handling.
CometJacking: Prompt Injection Attack Turns Perplexity’s Comet AI Browser Into a Data Exfiltration Vector
Description
Researchers disclosed 'CometJacking,' a prompt injection attack targeting Perplexity's Comet AI browser that uses a malicious URL to hijack the AI assistant and exfiltrate sensitive data such as emails and calendar entries. The attack bypasses existing data protections using simple Base64 encoding and leverages the browser's authorized access to connected services, highlighting new security risks in AI-native browsers.
AI-Powered Analysis
Technical Analysis
Researchers disclosed 'CometJacking,' a prompt injection attack targeting Perplexity's Comet AI browser that uses a malicious URL to hijack the AI assistant and exfiltrate sensitive data such as emails and calendar entries. The attack bypasses existing data protections using simple Base64 encoding and leverages the browser's authorized access to connected services, highlighting new security risks in AI-native browsers.
Potential Impact
The article provides detailed, original research on a novel attack vector against AI-native browsers, including technical details and mitigation insights, making it highly relevant and valuable for cybersecurity defenders.
Mitigation Recommendations
Defenders should evaluate and implement controls to detect and block malicious agent prompts in AI browsers, monitor for suspicious URL-based prompt injections, and enforce security-by-design principles for AI assistant memory and prompt handling.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Required Action
Defenders should evaluate and implement controls to detect and block malicious agent prompts in AI browsers, monitor for suspicious URL-based prompt injections, and enforce security-by-design principles for AI assistant memory and prompt handling.
Technical Details
- Community Item Id
- 68e2e7b547833ad03504d7fe
- Community Submitter Notes
- null
Threat ID: 68e2e7b547833ad03504d801
Added to database: 10/5/2025, 9:48:37 PM
Last enriched: 10/5/2025, 9:48:37 PM
Last updated: 11/20/2025, 6:11:45 AM
Views: 258
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
ShadowRay 2.0: Active Global Campaign Hijacks Ray AI Infrastructure Into Self-Propagating Botnet
MediumCat's Got Your Files: Lynx Ransomware
MediumIncrease in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics
MediumShuyal Stealer: Advanced Infostealer Targeting 19 Browsers
MediumSignal Introduces Sparse Post-Quantum Ratchet (SPQR) to Strengthen Encryption Against Quantum Attacks
HighActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.