Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical Analysis
Summary
Perplexity's Comet AI browser is the focus of a technical analysis thread showing how prompt injection and malicious URLs can steer an agentic browser into data exfiltration and other unauthorized actions. The latest disclosure, from LayerX, introduced CometJacking, which uses a weaponized URL and its collection parameter to push hidden instructions into Comet, potentially pulling data from Gmail, Google Calendar, and other connected services. LayerX said the attack can bypass Comet's protections by Base64-encoding the harvested data and sending it to an attacker-controlled endpoint, while Perplexity reportedly classified the findings as having "no security impact". Related research from Guardio, Trail of Bits, and Zenity Labs shows the same browser can be pushed into phishing flows, private data leakage, and zero-click abuse paths.
Related Happenings
Chromium JavaScript background RCE flaw
Vulnerability
First: 21.05.2026 21:13
Last: 21.05.2026 21:13
Sources 1
About this happening:
The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...
Gremlin stealer modular toolkit evolution
Malware Activity
First: 15.05.2026 17:19
Last: 15.05.2026 17:19
Sources 1
About this happening:
The **Gremlin stealer** malware has expanded into a **modular toolkit** with **session-hijacking** and **crypto clipping** capabilities, raising the risk of credential theft and a...
Robinhood account creation HTML injection security flaw
Vulnerability
First: 28.04.2026 02:11
Last: 28.04.2026 02:11
Sources 1
About this happening:
**Robinhood**'s **account creation/onboarding flow** was abused to inject **arbitrary HTML** into account confirmation emails, creating a phishing risk for customers. The flaw let...
ATHR productized automated vishing platform for credential theft
Threat Actor Meta
First: 16.04.2026 17:09
Last: 16.04.2026 17:09
Sources 1
About this happening:
ATHR is turning **automated vishing** into a **productized underground service**, lowering the barrier for credential theft across **Google**, **Microsoft**, **Coinbase**, and oth...
108 Malicious Google Chrome extensions sharing a C2 backend
Malware Activity
First: 14.04.2026 11:35
Last: 14.04.2026 11:35
Sources 1
About this happening:
**108 malicious Google Chrome extensions** were found to use the same **C2 infrastructure** to steal credentials, sessions, and browsing data while injecting ads and arbitrary Jav...
Timeline
11.03.2026 18:38 · 4 articles
Comet AI browser prompt-injection research disclosure
Technical Analysis Update
Guardio disclosed that Perplexity's Comet AI browser can be manipulated into a phishing flow by intercepting browser-to-AI traffic and using it as training data for a Generative Adversarial Network (GAN). Trail of Bits showed four prompt-injection techniques that can pull private data from Gmail through Comet, and Zenity Labs described two zero-click PerplexedBrowser attacks that can leak local files or hijack an unlocked 1Password account. The shared technical theme is that agentic browser reasoning and untrusted web data can be combined into execution plans that bypass guardrails.
- Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes — thehackernews.com — 11.03.2026 18:38
- CometJacking attack tricks Comet browser into stealing emails — www.bleepingcomputer.com — 03.10.2025 17:01
- CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief — thehackernews.com — 04.10.2025 17:37