CometJacking prompt-injection in Perplexity's Comet AI browser
Security Tool/Service
Summary
LayerX disclosed CometJacking, a prompt injection attack against Perplexity's Comet AI browser that uses a weaponized URL and the collection parameter to inject hidden instructions into the agent. In the reported scenario, a crafted link can steer the browser toward Gmail and Google Calendar data, Base64-encode it, and send it to an attacker-controlled endpoint, turning an ordinary click into a cross-service exfiltration path. Perplexity said the findings had "no security impact", but the issue shows how an agentic browser can be redirected by a link to access connected services without credential theft or direct user awareness.
Related Happenings
Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical Analysis
First: 11.03.2026 18:38
Last: 11.03.2026 18:38
Sources 1
How related:
Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity's agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link to siphon sensitive data, including from connected services, like email and calendar.
About this happening:
**Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...
Fake AI assistant Chrome extension malware activity
Malware Activity
First: 16.02.2026 16:00
Last: 16.02.2026 16:00
Sources 1
About this happening:
A cluster of **30 malicious Chrome extensions** posing as **AI assistants** is stealing **email content** and other sensitive data from **Chrome users**, creating a broad browser-...
CL Suite Chrome extension stealing Meta Business data
Malware Activity
First: 13.02.2026 13:25
Last: 13.02.2026 13:25
Sources 1
About this happening:
The **CL Suite** Chrome extension is exfiltrating **TOTP seeds**, **current 2FA codes**, and **Meta Business** data from **Meta Business Suite** and **Facebook Business Manager**...
AiFrame malicious Chrome extension campaign
Campaign
First: 12.02.2026 15:41
Last: 12.02.2026 15:41
Sources 1
About this happening:
The **AiFrame** campaign uses **fake AI assistants** in the **Chrome Web Store** to distribute **30 malicious Chrome extensions** that can **steal email content, browser content,...
Malicious Chrome extensions hijack affiliate links and steal ChatGPT tokens
Malware Activity
First: 30.01.2026 15:42
Last: 30.01.2026 15:42
Sources 1
About this happening:
A cluster of **malicious Google Chrome extensions** is being used to **hijack affiliate links**, **scrape product data**, and steal **OpenAI ChatGPT authentication tokens**, creat...
Timeline
- 03.10.2025 17:01 · 3 articles · 7mo ago
LayerX discloses CometJacking in Perplexity's Comet AI browser
Initial Disclosure
LayerX researchers disclosed CometJacking, a prompt-injection path in Perplexity's Comet AI browser that uses the URL collection parameter to inject hidden instructions, steer the agent toward connected services, and exfiltrate data such as Gmail messages and Google Calendar invites after encoding it in Base64.
Sources:
- CometJacking attack tricks Comet browser into stealing emails — www.bleepingcomputer.com — 03.10.2025 17:01
- CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief — thehackernews.com — 04.10.2025 17:37