Researchers Warn of “CometJacking” Vulnerability in Perplexity’s AI Browser – A Single Click Could Lead to Data Theft

ยอดเข้าชม: 348 views

386/68 Monday, October 6, 2025

Cybersecurity researchers have disclosed a new attack technique called CometJacking, targeting Perplexity’s Comet AI browser. The attack leverages prompt injection by embedding malicious instructions inside seemingly safe links. Once a victim clicks the link, the AI within the browser executes commands to retrieve data from connected services-such as Gmail or calendar apps-without needing to steal passwords, since Comet already has authorized access to that information.

The Head of Security Research at LayerX explained that CometJacking demonstrates how a single link can instantly transform an AI browser from a trusted assistant into an insider threat within an organization. Attackers can conceal commands in the URL through the “collection” parameter, forcing the AI to fetch data from its memory instead of performing a normal search. To evade detection, the malicious instructions are obfuscated using Base64 encoding, enabling attackers to exfiltrate data to their own servers.

Although Perplexity has stated that the vulnerability poses no security risk, researchers caution that such attacks highlight the dangers of AI-native tools, which can bypass traditional defenses and be manipulated to act on behalf of attackers. LayerX warns that AI browsers are likely to become a new battleground for enterprise security, urging organizations to urgently assess and develop safeguards to prevent malicious instructions from reaching AI systems before this technique is exploited at scale.

Source https://thehackernews.com/2025/10/cometjacking-one-click-can-turn.html