Perplexity releases AI web browser, Comet, for free; security warnings follow


Perplexity is the latest company to release an AI-powered web browser. Comet is available free of charge for Windows and macOS, and it is looking to compete with the likes of Opera’s Neon.
Comet is not brand new. It launched in July to a limited audience, but now its AI powers are being made available to everyone. But while there is much excitement from Perplexity about the launch, and excitement from users, there is also a warning from security experts.
Perplexity believes that Comet is the solution to a broken web. The company says: “Today, the internet has stifled our curiosity. Knowledge work taught us to have answers, not questions. The clicks and traffic model of the web has done nothing but convert it into a digital yellow pages, where every path leads to a checkout button. Wherever you are on the internet today, you’re in somebody’s purchase funnel.”
In use there is scope for annoyance – everything opens in a new tab, although Perplexity does not see this as a bad thing:
The Comet Assistant browses the internet with you, there for any questions or tasks you think of along the way. It helps you with everything: research, meetings, code, e-commerce, and more. You can stay in your flow and get real answers, helpful actions, fewer distractions.
In the earliest days of the “Comet Summer,” it was clear the Comet Assistant should be able to do new tasks in any new tab. We shipped at Perplexity velocity. Every new tab has a new Comet Assistant there to answer any question or take any action on your behalf. All you have to do is ask.
The launch is rather soured by warnings from LayerX about CometJacking. The team says that it has found a critical zero-click vulnerability in Perplexity's Comet AI browser that lets attackers steal sensitive data, including emails, calendar appointments, and credentials, through a single malicious link, without needing passwords or user interaction beyond the click.
The security team says:
Unlike traditional phishing that targets credentials, "CometJacking" hijacks the AI assistant itself—turning your trusted digital butler into a spy. The attacker bypasses Perplexity's data protections using simple encoding tricks, and because the browser already has authorized access to Gmail, Calendar, and other services, no credential theft is needed. Most alarming: Perplexity was notified but dismissed the findings as having "no security impact," leaving users exposed.
Perplexity is hyping the power and innovation of Comet; LayerX is far more concerned with the impact of security issues:
This discovery is more than just another bug; it represents a fundamental shift in the browser attack surface.
For years, attackers focused on tricking users into giving up their credentials through phishing pages. But with agentic browsers, they no longer need the user’s password—they just need to hijack the agent that is already logged in. The browser itself becomes a potential insider threat. The risk moves from passive data theft to active command execution, fundamentally changing how security teams must defend their organizations.
In an enterprise environment, a single click could allow an attacker to gain a foothold, move laterally across systems, and manipulate corporate communication channels, all under the guise of a legitimate user’s activity.
More information is available in the LayerX blog post.
There is also a video that shows how information can be stolen in this way.
If the warnings have not put you off Comet, you can now download it for free, at perplexity.ai/comet.