Date: 2025-10-06

Threat actors could compromise Perplexity's agentic artificial intelligence browser Comet with nefarious prompts that enable the pilfering of data from email, calendar, and other connected services through the new CometJacking attack technique, reports The Hacker News.

Developed by LayerX researchers as a proof-of-concept, CometJacking begins when a user clicks a specially crafted URL in phishing emails or web pages. The URL orders the Comet AI browser to run a concealed prompt that obtains and encrypts user data from Gmail and other apps before exfiltrating it to an attacker-controlled endpoint.

Such a report "proves that trivial obfuscation can bypass data exfiltration checks and pull email, calendar, and connector data off-box in one click. AI-native browsers need security-by-design for agent prompts and memory access, not just page content," said LayerX Head of Security Research Michelle Levy.

LayerX's findings come more than half a decade after GuardioLabs discovered that Comet and other browsers could be deceived into directing their users to phishing or fake e-commerce pages as part of the Scamlexity attack technique.