There is a serious security problem inside Comet, the AI-powered agentic browser made by Perplexity, SquareX researchers say: Comet’s MCP API allows the browser’s built-in (but hidden from the user) extensions to issue commands directly to a user’s device, and the capability can be leveraged by attackers. Comet can run applications, read files and modify data on the local system. “Old-school” browsers normally block this level of access, but (some) AI-powered browsers are effectively braking … More
The post Security gap in Perplexity’s Comet browser exposed users to system-level attacks appeared first on Help Net Security.
This article has been indexed from Help Net Security
Read the original article: