
Perplexity’s Comet Proves AI Browsers Can Work, Just Not Without Supervision

Perplexity’s Comet browser has emerged as one of the most ambitious attempts to reimagine web browsing through artificial intelligence. Launching in July 2025 to Perplexity Max subscribers and expanding to free worldwide access in October, this AI-powered browser promises to revolutionize how we interact with the internet. At Search Savvy, we’ve been closely monitoring the evolution of AI browsers, and while Perplexity’s Comet demonstrates impressive capabilities, it also exposes critical vulnerabilities that every user needs to understand. The central question isn’t whether AI browsers can work (they clearly can) but whether they’re ready to operate safely without constant human oversight.

What Is Perplexity’s Comet and How Does It Work?

Perplexity’s Comet represents a fundamental departure from traditional web browsers. Rather than simply displaying web content, Comet integrates AI capabilities directly into the browsing experience, positioning itself as a shift from passive browsing to active thinking. The Comet AI Browser features a sidecar assistant that accompanies users as they navigate the web, offering real-time help with summarization, question-answering, and even autonomous task completion.

The browser includes a “background assistant” for paid subscribers that can perform multiple tasks simultaneously, such as sending emails, shopping for concert tickets, and finding flights, all while users do other work. This agentic approach allows the AI to act on your behalf across multiple websites and applications, fundamentally changing the relationship between user and browser.

The technical foundation of Perplexity’s Comet combines multiple language models to enhance search relevance and response quality. Users interact with the browser through natural language, and the AI processes these requests while accessing authenticated sessions across various platforms.

Quick Answer: Perplexity’s Comet is an AI-powered browser that uses integrated assistants to summarize content, manage tasks, and navigate websites autonomously on behalf of users.

Why Is the Comet AI Browser Important in 2025?

Comet AI Browser matters because it represents the next evolution in how humans access and process information online. According to Perplexity, users ask “6–18 times more questions” on their first day with Comet compared to regular browsing, suggesting the tool encourages deeper curiosity and engagement with online content.

Search Savvy recognizes that AI browsers address legitimate frustrations with the modern internet. The web has become cluttered with low-quality content, intrusive advertisements, and deliberately confusing interfaces designed to maximize engagement rather than deliver value. An intelligent assistant that can cut through this noise and surface relevant information represents genuine progress.

The browser’s free global release in October 2025, after initially being available only to $200-per-month Max subscribers, demonstrates Perplexity’s commitment to democratizing AI-assisted browsing. This accessibility positions Comet as a serious challenger to established browsers like Chrome, which dominates with over 3 billion users.

For researchers, students, and knowledge workers, the ability to instantly summarize articles, extract key information, and synthesize data from multiple sources can dramatically accelerate work. For everyday users, having an assistant that manages emails, organizes tabs, and handles routine web tasks promises significant time savings.

Quick Answer: The Comet AI Browser is important because it makes AI-assisted web navigation accessible to everyone, potentially transforming how billions of people research, shop, and interact with online content.

What Are the Security Vulnerabilities in Perplexity’s Comet?

This is where the promise of AI browsers collides with harsh reality. Multiple independent security researchers have identified serious flaws in Perplexity’s Comet that compromise user safety. According to Search Savvy’s analysis of these findings, the vulnerabilities fall into several concerning categories.

Prompt Injection Attacks

Security researchers from Brave discovered that when users ask Comet to summarize a webpage, the browser feeds webpage content directly to its language model without distinguishing between user instructions and potentially malicious content from the website. This allows attackers to embed hidden commands that the AI will execute as if they came from the user.

In one demonstration, researchers showed how a Reddit thread containing hidden instructions could trick Comet into accessing a user’s emails and extracting login credentials when the user simply asked for a summary. The AI couldn’t differentiate between the legitimate request to summarize and the malicious instructions embedded in the content.

Phishing Vulnerability

Research by LayerX found that Comet and similar AI browsers are up to 85% more vulnerable to phishing attacks than Chrome, allowing over 90% of compromised web pages to bypass protections. Unlike traditional browsers that include mechanisms to filter known malicious websites, these critical security features were largely absent from Comet.

In one disturbing test, researchers demonstrated how Comet could be tricked into processing a phishing email, visiting the malicious website, and prompting users for banking credentials, all without any indication that something was amiss. The human user never saw suspicious sender addresses or questionable domains because the AI handled everything, creating what researchers called a “perfect trust chain gone rogue.”

CometJacking Attacks

A technique dubbed “CometJacking” allows attackers to embed malicious prompts within seemingly innocent links that, when clicked, trigger the browser to exfiltrate sensitive data from connected services like email and calendar. The malicious URL instructs Comet’s AI to capture user data, obfuscate it using encoding, and transmit it to attacker-controlled endpoints, all without the victim’s knowledge.

Screenshot-Based Exploits

Even Comet’s screenshot feature poses risks, as researchers demonstrated that malicious instructions can be embedded as nearly-invisible text within images that are processed as commands rather than untrusted content. This attack vector bypasses traditional text-based security measures entirely.

Quick Answer: Perplexity’s Comet suffers from prompt injection vulnerabilities, extreme phishing susceptibility, and data exfiltration risks that allow malicious actors to hijack the browser and steal sensitive user information.

How Do These Vulnerabilities Impact Real Users?

The theoretical vulnerabilities become terrifying when translated into real-world scenarios. At Search Savvy, we believe users deserve to understand exactly what’s at stake.

When AI handles the entire interaction from email to website, it effectively vouches for phishing pages, meaning users never see suspicious addresses, never hover over questionable links, and never have the chance to question domains. Traditional human intuition about online threats becomes completely useless when an AI intermediary makes all the decisions.

Consider these realistic attack scenarios:

  • Banking theft: A user clicks a link that triggers Comet to visit their bank’s website, capture their credentials, and send them to attackers
  • Email compromise: Asking the browser to summarize a Reddit thread could result in your entire email account being accessed and exfiltrated
  • Unwanted purchases: The AI could be tricked into making purchases on fake e-commerce sites without user awareness
  • Corporate espionage: In enterprise environments, a single malicious link could compromise access to corporate systems, cloud storage, and confidential documents

Security expert Simon Willison argues that “the entire concept of an agentic browser extension is fatally flawed and cannot be built safely” because language models cannot reliably distinguish between trusted instructions and untrusted content. This represents a fundamental architectural problem, not just a bug to be patched.

Quick Answer: These vulnerabilities enable real-world attacks including credential theft, unauthorized purchases, email compromise, and corporate data breaches, all triggered by actions as simple as clicking a link or asking for a webpage summary.

Can Perplexity Fix the Comet Browser’s Security Issues?

This question strikes at the heart of whether AI browsers can ever be truly safe. While Perplexity claims to have fixed vulnerabilities after working with security researchers, the fundamental challenge remains unsolved.

Brave’s security team suggested that browsers should “clearly separate the user’s instructions from the website’s contents,” but acknowledged that this represents the core problem with prompt injection that has persisted for nearly three years with no convincing solution. The issue is architectural: to a language model, trusted instructions and untrusted content are concatenated into the same stream of tokens with no reliable way to distinguish between them.

Search Savvy recognizes that Perplexity faces a difficult dilemma. The features that make Comet powerful (its ability to access multiple websites with user credentials, process content autonomously, and take actions on behalf of users) are the same capabilities that create security risks. Restricting these features would diminish the browser’s core value proposition.

Some potential mitigations include:

  • Explicit confirmation requirements for sensitive actions like financial transactions
  • Isolation of agentic features from regular browsing contexts
  • Enhanced user warnings when processing potentially untrusted content
  • Sandboxing to limit what the AI can access even when compromised

However, these measures may not fully eliminate the risks inherent in allowing AI to act with full user privileges across authenticated sessions.
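
The confirmation, isolation and warning mitigations listed above can be enforced outside the model, in a gate that every action proposed by the assistant must pass before the browser carries it out. The following is an added example, not code from Perplexity, Brave or any shipping browser; the class name, the action types and the example.com-style URLs are assumptions made for illustration.

```javascript
// Added example. Hypothetical names throughout: ActionGate, SENSITIVE, the action shape.
const SENSITIVE = new Set(["read_mailbox", "send_email", "fill_credentials", "submit_payment"]);

class ActionGate {
  // taskOrigins: sites the user named in the request. confirm: asks the human, returns boolean.
  constructor(taskOrigins, confirm) {
    this.scope = new Set(taskOrigins.map((u) => new URL(u).origin));
    this.confirm = confirm;
    this.untrustedSources = []; // pages, OCR text or URL parameters now in the model context
  }

  // Record every piece of web content that is placed in the prompt.
  ingestUntrusted(sourceUrl) {
    this.untrustedSources.push(sourceUrl);
  }

  // Decide on one model-proposed action. Returns { verdict, reason }.
  decide(action) {
    let origin;
    try {
      origin = new URL(action.url).origin;
    } catch {
      return { verdict: "deny", reason: "unparseable target URL" };
    }
    // Isolation: the agent never acts on an origin the user did not put in scope,
    // so injected text cannot redirect it to a mailbox or a collection endpoint.
    if (!this.scope.has(origin)) {
      return { verdict: "deny", reason: `origin ${origin} outside task scope` };
    }
    // Confirmation: sensitive actions need a human decision, and the prompt
    // tells the user which untrusted content the model has read (the warning).
    if (SENSITIVE.has(action.type)) {
      const ok = this.confirm({ action, untrustedSources: [...this.untrustedSources] });
      return { verdict: ok ? "allow" : "deny", reason: ok ? "user confirmed" : "user declined" };
    }
    return { verdict: "allow", reason: "non-sensitive action in scope" };
  }
}

// Constructed scenario: the user asks for a summary of one forum thread, and the
// model, after reading the page, proposes these four actions.
function runDemo() {
  const prompts = [];
  const gate = new ActionGate(["https://forum.example/thread/1"], (p) => { prompts.push(p); return false; });
  gate.ingestUntrusted("https://forum.example/thread/1");
  const proposed = [
    { type: "read_page", url: "https://forum.example/thread/1" },
    { type: "read_mailbox", url: "https://mail.example/inbox" },
    { type: "http_post", url: "https://collector.example/upload" },
    { type: "fill_credentials", url: "https://forum.example/login" },
  ];
  return { verdicts: proposed.map((a) => gate.decide(a).verdict), prompts };
}

console.log(runDemo().verdicts);
```

The gate bounds what a hijacked assistant can reach; it does not stop injected text from steering non-sensitive actions inside the task's own origin.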

Quick Answer: While Perplexity can implement specific fixes, the fundamental security challenge of distinguishing trusted instructions from malicious content in AI systems remains unsolved, making complete security difficult to guarantee.

Should You Use an AI Browser Like Comet in 2025?

This is the critical question that Search Savvy believes every potential user must carefully consider. The answer depends on your specific use case, risk tolerance, and security requirements.

When Comet might make sense:

  • Research and learning on public websites with minimal sensitive data
  • Content creation where the productivity gains outweigh risks
  • Controlled environments where you’re not logged into banking, email, or corporate systems
  • Non-critical tasks where potential compromise wouldn’t be catastrophic

When you should absolutely avoid Comet:

  • Enterprise environments with access to confidential company data
  • Financial activities involving banking or investment accounts
  • Healthcare contexts with protected health information
  • Any scenario where you’re simultaneously logged into sensitive accounts

At Search Savvy, we recommend a cautious approach: if you experiment with AI browsers, do so in isolated browsing contexts separate from your primary accounts. Never use these browsers while logged into banking, email, or other critical services until the security landscape significantly improves.

Consider AI browsers as exciting but unproven technology, similar to how early smartphones were innovative yet vulnerable before security best practices matured. The potential is real, but so are the risks.

Quick Answer: Use AI browsers cautiously for low-risk research and content creation, but avoid them entirely for sensitive activities like banking, email, or corporate work until security significantly improves.

What Does the Future Hold for AI Browsers?

Perplexity’s Comet is not alone in this space. The browser faces competition from The Browser Company’s Dia, Google’s Gemini integration in Chrome, Anthropic’s browser-based AI agents, and OpenAI’s anticipated browser launch. This competitive landscape suggests AI-assisted browsing represents the industry’s collective vision for the future.

The fundamental question is whether these companies can solve the security challenges before widespread adoption creates opportunities for large-scale exploitation. According to Search Savvy’s assessment, several developments will shape this future:

Industry-wide security standards will likely emerge as more vulnerabilities are discovered and exploited. Just as web browsers eventually adopted HTTPS, sandboxing, and other protections, AI browsers will need their own security frameworks.

Regulatory scrutiny may increase if these browsers become vectors for fraud or data breaches, potentially leading to mandatory security requirements.

User education will be critical. People need to understand that AI browsers operate fundamentally differently from traditional browsers and require different security practices.

Technological innovation may eventually solve some prompt injection challenges, though experts remain skeptical about near-term solutions.

Perplexity’s aggressive expansion, including partnerships with major publishers through Comet Plus and an unsolicited $34.5 billion bid for Google’s Chrome browser, suggests the company believes AI browsers represent the future regardless of current security challenges.

At Search Savvy, we believe AI browsers will eventually mature into safe, powerful tools, but that evolution will take time and likely include painful security incidents along the way. The key is ensuring those incidents happen during controlled testing rather than at the expense of unsuspecting users.

Quick Answer: AI browsers represent the future of web navigation, but achieving that future safely requires solving fundamental security challenges, establishing industry standards, and educating users about new risks and best practices.

Conclusion: Promise Meets Reality

Perplexity’s Comet demonstrates that AI browsers can work: they can dramatically accelerate research, simplify complex tasks, and make the internet more accessible. The technology is genuinely impressive, and the vision of an AI partner that helps you navigate the digital world is compelling.

But as Search Savvy has outlined throughout this analysis, “can work” is very different from “works safely.” The security vulnerabilities discovered in Comet aren’t minor bugs; they represent fundamental challenges in allowing AI to act autonomously with user privileges across multiple websites and services.

The title of this article captures the essential truth: AI browsers can work, just not without supervision. Until the industry solves problems like prompt injection, develops reliable security frameworks, and builds in robust protections against manipulation, these browsers require careful, knowledgeable oversight from users who understand both their capabilities and their risks.

For now, treat AI browsers as powerful experimental tools that show us the future, but approach them with the caution you’d apply to any emerging technology that accesses your sensitive data. The revolution in web browsing is coming, but it’s not quite ready for primetime without human supervision at every step.

Frequently Asked Questions

Q: Is Perplexity’s Comet browser safe to use?

A: Comet has known security vulnerabilities including prompt injection attacks, phishing susceptibility, and data exfiltration risks. While Perplexity has addressed some issues, fundamental security challenges remain. It’s safest to use Comet only for non-sensitive browsing while logged out of critical accounts.

Q: What makes AI browsers different from regular browsers like Chrome?

A: AI browsers like Comet include integrated assistants that can read webpage content, take actions on your behalf, and access your authenticated sessions across multiple websites. Traditional browsers simply display content; AI browsers interact with it autonomously, which creates both powerful capabilities and new security risks.

Q: Can hackers really steal my data just by me clicking a link in Comet?

A: Yes. Security researchers demonstrated that malicious links can trigger Comet to access connected services like email and calendar, extract sensitive data, encode it, and send it to attacker-controlled servers, all without obvious warning signs to the user.

Q: Has Perplexity fixed the security problems in Comet?

A: Perplexity has addressed specific vulnerabilities reported by researchers, but the fundamental challenge of prompt injection, where AI cannot reliably distinguish user instructions from malicious content, remains unsolved across the entire industry, not just in Comet.

Q: Should businesses allow employees to use Comet?

A: Most security experts advise against enterprise use of AI browsers until security substantially improves. The risk of corporate data exposure, credential theft, and system compromise through prompt injection attacks makes AI browsers inappropriate for business environments handling sensitive information.

Q: Are all AI browsers as vulnerable as Comet, or is this specific to Perplexity?

A: Research suggests these vulnerabilities are systemic across AI-powered browsers. Multiple AI browsers tested showed similar security weaknesses, indicating this is a challenge for the entire category rather than a problem unique to Perplexity’s implementation.
