Severe Security Flaw Found in Perplexity’s AI Browser Comet: Hackers Could Have Stolen Banking Data and Passwords

Perplexity’s much-hyped AI-powered web browser Comet has recently been found to contain a critical security vulnerability that could have put millions of users’ personal data at risk. According to a detailed report released by rival browser company Brave, the flaw could have allowed hackers to steal sensitive information such as emails, saved passwords, and even banking credentials.

The Discovery of the Flaw

The issue was exposed by Brave’s research team during a security review. They discovered that Comet’s AI engine, which automatically summarizes webpages and assists users with online tasks, was processing web content without distinguishing between genuine user commands and hidden malicious instructions embedded within websites.

This loophole opened the door for what cybersecurity experts call an “Indirect Prompt Injection” attack. In such attacks, hackers can insert hidden commands into a webpage, social media post, or even an email. When Comet’s AI reads these instructions, it treats them as legitimate requests, potentially exposing private user data.

How Hackers Could Exploit It

Researchers explained that attackers could have taken advantage of this weakness by placing hidden instructions on platforms like Facebook, Reddit, or personal websites. Once Comet’s AI processed these commands, it could be tricked into performing dangerous actions such as:

• Accessing and sharing the user’s email contents

• Requesting one-time passwords (OTPs)

• Logging into Gmail or other sensitive accounts

• Extracting and forwarding banking details or saved credentials

Unlike traditional cyber vulnerabilities that require malware or phishing tactics, this flaw relied on natural language instructions—making it more dangerous and harder for users to detect.

A Direct Threat to Banking and Online Privacy

The report highlights that the security gap could have compromised not just social accounts, but also financial information. Attackers had the potential to gain unauthorized access to online banking portals and steal stored login data. Brave noted that this was particularly concerning because the attack did not require advanced technical skills—just cleverly crafted instructions hidden in web content.

Perplexity’s Response

Brave officially reported the issue to Perplexity on August 11, 2025. However, according to the report, the company did not immediately patch the vulnerability. The fix was only implemented after August 20, nearly ten days later.

Following the public disclosure, Perplexity acknowledged the flaw and confirmed that the issue has been resolved. In a statement, the company emphasized that it operates an active bug bounty program, encouraging security researchers to identify vulnerabilities in its platforms. Perplexity further assured users that it is working to strengthen AI security to prevent such incidents in the future.

Why This Incident Matters

The case underscores the growing risks associated with AI-driven browsers and applications. While tools like Comet are designed to simplify tasks—such as managing emails, calendars, and online accounts—they also introduce new kinds of security challenges.

Cybersecurity analysts warn that as AI becomes more deeply integrated into daily digital interactions, the threat surface for attackers expands. Unlike conventional browsers that rely on user actions, AI-based browsers often take automated actions, making them more vulnerable to manipulation through indirect instructions.

The Bigger Picture

This revelation is a reminder for both companies and users that AI security must evolve alongside AI innovation. For businesses, it highlights the importance of conducting regular security audits and collaborating with ethical hackers to detect vulnerabilities. For users, it emphasizes the need to remain cautious—even when using advanced, AI-powered tools.