SecurityWeek reports that U.S. artificial intelligence software firm Perplexity has repudiated findings from browser security company SquareX detailing how its agentic AI browser Comet could be compromised to facilitate local command execution.SquareX noted that the 'perplexity.ai' domain or Comet's Agentic extension could be targeted to facilitate exploitation of the Model Context Protocol API for command execution, with the 'extension stomping' attack involving the spoofing and sideloading of the browser's Analytics extension potentially enabling ransomware deployment.However, such an attack scenario is "contrived," according to Perplexity, which addressed the security issue while stating that the technique showed by SquareX needed substantial human assistance."If it is a risk at all, it is a risk of humans being phished and convinced to manually load malware, but even they admit that's unrealistic and it would have to be a Perplexity employee with production access who changes the existing extension for a bad one," said a Perplexity spokesperson.
AI/ML
Perplexity dismisses Comet flaw discovered by SquareX

(Adobe Stock)
An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



