Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical Analysis
Summary
Hide ▲
Show ▼
Perplexity's Comet AI browser is the focus of a technical analysis thread showing how prompt injection and malicious URLs can steer an agentic browser into data exfiltration and other unauthorized actions. The latest disclosure from LayerX introduced CometJacking, which uses a weaponized URL and the collection parameter to push hidden instructions into Comet, potentially pulling data from Gmail, Google Calendar, and other connected services. LayerX said the attack can bypass protections using Base64-encoding and send encoded data to an attacker-controlled endpoint, while Perplexity reportedly classified the findings as having "no security impact". Related research from Guardio, Trail of Bits, and Zenity Labs shows the same browser can be pushed into phishing flows, private data leakage, and zero-click abuse paths.
Related Happenings
Indirect prompt-injection web campaigns targeting AI agents
Campaign
H score37
First: 06.07.2026 18:00
Last: 06.07.2026 18:00
Sources 1
About this happening:
**Two real-world campaigns** are using **indirect prompt injection** and **SEO poisoning** to steer **AI agents** into fraudulent actions and false legitimacy judgments. The lures...
Indirect prompt-injection web campaigns targeting AI agents
CampaignAbout this happening: **Two real-world campaigns** are using **indirect prompt injection** and **SEO poisoning** to steer **AI agents** into fraudulent actions and false legitimacy judgments. The lures...
AI browser guidance to prompt before reading logged-in accounts and limit agent access
Defensive Guidance
H score28
First: 30.06.2026 11:37
Last: 30.06.2026 11:37
Sources 1
About this happening:
**LayerX** recommends tightening **AI browser agent mode** so the browser must ask before reading from **logged-in accounts**, reducing the risk of **credential theft** through **...
AI browser guidance to prompt before reading logged-in accounts and limit agent access
Defensive GuidanceAbout this happening: **LayerX** recommends tightening **AI browser agent mode** so the browser must ask before reading from **logged-in accounts**, reducing the risk of **credential theft** through **...
Search for perplexity ai malicious Chrome extension
Malware Activity
H score29
First: 29.06.2026 21:40
Last: 29.06.2026 21:40
Sources 1
About this happening:
A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...
Search for perplexity ai malicious Chrome extension
Malware ActivityAbout this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...
Dormant remote-controlled JavaScript injection path in Adblock for YouTube Chrome extension
Technical Analysis
H score23
First: 25.06.2026 17:12
Last: 25.06.2026 17:12
Sources 1
About this happening:
A **Chrome extension** with **10 million+ installs** was found to carry a **dormant script-injection path**, raising the risk of **arbitrary JavaScript execution** across visited...
Dormant remote-controlled JavaScript injection path in Adblock for YouTube Chrome extension
Technical AnalysisAbout this happening: A **Chrome extension** with **10 million+ installs** was found to carry a **dormant script-injection path**, raising the risk of **arbitrary JavaScript execution** across visited...
LayerX BioShocking prompt injection against agentic browsers
Technical Analysis
H score30
First: 24.06.2026 19:05
Last: 24.06.2026 19:05
Sources 1
About this happening:
Researchers demonstrated **BioShocking**, a prompt-injection technique that pushed **six agentic browsers and plugins** past guardrails and made them **copy login credentials** fo...
LayerX BioShocking prompt injection against agentic browsers
Technical AnalysisAbout this happening: Researchers demonstrated **BioShocking**, a prompt-injection technique that pushed **six agentic browsers and plugins** past guardrails and made them **copy login credentials** fo...
Timeline
-
11.03.2026 18:38 4 articles · 4mo ago
Comet AI browser prompt-injection research disclosure
Technical Analysis UpdateGuardio disclosed that Perplexity's Comet AI browser can be manipulated into a phishing flow by intercepting browser-to-AI traffic and using it as training data for a Generative Adversarial Network (GAN), while Trail of Bits showed four prompt-injection techniques that can pull private data from Gmail through Comet and Zenity Labs described two zero-click PerplexedBrowser attacks that can leak local files or hijack an unlocked 1Password account; the shared technical theme is that agentic browser reasoning and untrusted web data can be combined into execution plans that bypass guardrails.
Show sources
- Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes — thehackernews.com — 11.03.2026 18:38
- Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes — thehackernews.com — 11.03.2026 18:38
- CommetJacking attack tricks Comet browser into stealing emails — www.bleepingcomputer.com — 03.10.2025 17:01
- CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief — thehackernews.com — 04.10.2025 17:37