Researchers at Zenity Labs uncover PleaseFix flaws in Perplexity’s Comet browser. See how zero-click calendar invites allow AI agents to steal 1Password credentials and personal files.
Tag: Perplexity’s
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
Perplexity Comet Browser Bug Leaks Local Files via AI Prompt Injection
A newly disclosed attack against Perplexity’s AI-powered Comet browser shows how agentic browsers can be manipulated into leaking sensitive data directly from a user’s machine. Zenity Labs researchers demonstrated a zero-click attack that tricks the browser’s AI agent into reading local files and sending their contents to an attacker-controlled server. The attack “… results in…