Find notable cyber news and cases, enriched with sources, timelines, and signals.

Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps

Technical Analysis
First reported
Last updated
Happening score
H score 25
2 unique sources, 3 articles

Summary

Hide ▲

Perplexity's Comet AI browser is the focus of a technical analysis thread showing how prompt injection and malicious URLs can steer an agentic browser into data exfiltration and other unauthorized actions. The latest disclosure from LayerX introduced CometJacking, which uses a weaponized URL and the collection parameter to push hidden instructions into Comet, potentially pulling data from Gmail, Google Calendar, and other connected services. LayerX said the attack can bypass protections using Base64-encoding and send encoded data to an attacker-controlled endpoint, while Perplexity reportedly classified the findings as having "no security impact". Related research from Guardio, Trail of Bits, and Zenity Labs shows the same browser can be pushed into phishing flows, private data leakage, and zero-click abuse paths.

Related Happenings

Indirect prompt-injection web campaigns targeting AI agents

Campaign
H score37 First: 06.07.2026 18:00 Last: 06.07.2026 18:00 Sources 1

About this happening: **Two real-world campaigns** are using **indirect prompt injection** and **SEO poisoning** to steer **AI agents** into fraudulent actions and false legitimacy judgments. The lures...

AI browser guidance to prompt before reading logged-in accounts and limit agent access

Defensive Guidance
H score28 First: 30.06.2026 11:37 Last: 30.06.2026 11:37 Sources 1

About this happening: **LayerX** recommends tightening **AI browser agent mode** so the browser must ask before reading from **logged-in accounts**, reducing the risk of **credential theft** through **...

Search for perplexity ai malicious Chrome extension

Malware Activity
H score29 First: 29.06.2026 21:40 Last: 29.06.2026 21:40 Sources 1

About this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...

Dormant remote-controlled JavaScript injection path in Adblock for YouTube Chrome extension

Technical Analysis
H score23 First: 25.06.2026 17:12 Last: 25.06.2026 17:12 Sources 1

About this happening: A **Chrome extension** with **10 million+ installs** was found to carry a **dormant script-injection path**, raising the risk of **arbitrary JavaScript execution** across visited...

LayerX BioShocking prompt injection against agentic browsers

Technical Analysis
H score30 First: 24.06.2026 19:05 Last: 24.06.2026 19:05 Sources 1

About this happening: Researchers demonstrated **BioShocking**, a prompt-injection technique that pushed **six agentic browsers and plugins** past guardrails and made them **copy login credentials** fo...

Timeline

  1. 11.03.2026 18:38 4 articles · 4mo ago

    Comet AI browser prompt-injection research disclosure

    Technical Analysis Update

    Guardio disclosed that Perplexity's Comet AI browser can be manipulated into a phishing flow by intercepting browser-to-AI traffic and using it as training data for a Generative Adversarial Network (GAN), while Trail of Bits showed four prompt-injection techniques that can pull private data from Gmail through Comet and Zenity Labs described two zero-click PerplexedBrowser attacks that can leak local files or hijack an unlocked 1Password account; the shared technical theme is that agentic browser reasoning and untrusted web data can be combined into execution plans that bypass guardrails.

    Show sources