All SEO 
SEO News 
SEO Strategy 
Ask An SEO 
Enterprise SEO 
Google Algorithm Updates 
International SEO 
Link Building 
Local SEO 
Mobile SEO 
On-Page SEO 
Technical SEO 
Vertical SEO 
Wordpress for SEO 
Web Dev for SEO 
SaaS SEO 
E-commerce SEO 
AI-Driven SEO 
All Paid Media 
Paid Media News 
Ask a PPC Expert 
PPC 
Programmatic 
Social Media Advertising 
Video Advertising 
All Content 
Content News 
Content Strategy 
Content Creation 
Content Marketing 
Content Trends 
All Social Media 
Social Strategy 
Social Media Advertising 
Facebook 
Instagram 
LinkedIn 
TikTok 
Twitter 
YouTube 
Reddit 
Whatsapp 
Quora 
Pinterest 
All Digital Marketing 
Affiliate Marketing 
Analytics & Data 
Digital Experience 
Generative AI 
Lead Generation 
Shopify Perplexity Comet Browser At Risk From Prompt Injection Exploit
The Perplexity Comet browser is prone to prompt injection vulnerabilities that could expose information about users or queries.
A major security vulnerability was discovered within the Perplexity Comet AI browser, potentially permitting attackers to insert malicious prompts or access sensitive data from other browser tabs.
How the Vulnerability Operates
Brave recently exposed this vulnerability that could be exploited if a user asks Comet to write a summary of a page.
According to Brave:
“The vulnerability we’re discussing in this post lies in how Comet processes webpage content: when users ask it to “Summarize this webpage,” Comet feeds a part of the webpage directly to its LLM without distinguishing between the user’s instructions and untrusted content from the webpage. This allows attackers to embed indirect prompt injection payloads that the AI will execute as commands. For instance, an attacker could gain access to a user’s emails from a prepared piece of text in a page in another tab.”
This implies that malicious software hidden in a website could fool the AI of a browser into divulging data from different tabs, which could pose a major security risk to your privacy.
Ineffective Patch Raises Concerns
According to a post on Simon Willison’s blog, Perplexity attempted to fix the issue; however, the patch hasn’t fixed the issue, which leaves users vulnerable.
A developer posted the following on X:
“Why is no one talking about this?
This is why I don’t use an AI browser
You can literally get prompt injected and your bank account drained by doomscrolling on reddit:”
The vulnerability remains unpatched and unfixed, because of which trust in the Comet browser’s security is very low. The users are advised to remain alert and be on the lookout for any developments.
Personal Take
The warnings outlined here highlight the critical aspect of security holes. The incident illustrates the vital importance of safeguarding AI-powered web browsers from attack by prompt injection to safeguard the privacy of the user and maintain data integrity.
