Perplexity’s new AI browser, Comet, promised to turn the web into a hands‑free assistant, but a recent security disaster revealed that the very feature that makes it useful can also be its Achilles heel. Attackers can embed malicious instructions in ordinary web pages—blog posts, social media, even alt‑text—and the AI dutifully follows them, from opening email inboxes to exfiltrating sensitive codes. Security researchers demonstrated how a single poisoned site can hijack the AI’s entire session, allowing a hacker to control the assistant as if it were a remote‑controlled drone. The breach is not a one‑off bug; it exposes a fundamental flaw in how AI browsers treat every piece of text as equally trustworthy.
Unlike conventional browsers that act as passive bouncers, AI browsers read, understand, and act on content. This gives them the power to click, fill forms, and switch tabs—capabilities that, when compromised, grant attackers a remote key to the user’s digital life. Four key problems make the risk worse: unrestricted execution, persistent memory across sessions, blind trust in web content, and deliberate wall‑breaching to link sites. Comet’s design, prioritizing speed over safety, left out spam filtering, permission prompts, and transparent logs, turning the assistant into a naive intern that cannot distinguish a friend’s voice from a phishing whisper.
Fixing the problem requires a zero‑trust architecture built from the ground up. Every web‑derived input should first pass a hardened spam filter that flags suspicious commands. The AI should request explicit confirmation before accessing sensitive accounts or making purchases, and separate user instructions, web content, and internal logic into isolated channels. Continuous monitoring should flag anomalous behavior, and detailed, user‑readable logs should be accessible at all times. Meanwhile, users must adopt a cautious stance: limit the assistant’s permissions, remain alert to odd actions, and demand transparency. Only by treating every website as a potential threat can future AI browsers safely deliver convenience without compromising security.
Want the full story?
Read on VentureBeat →