Diagram of CometJacking exploit: malicious URL link clicked by user, injecting prompt into Perplexity Comet AI (browser icon), accessing connected apps (Gmail/Calendar symbols), Base64 encoding data flow to attacker server; five-stage timeline with obfusc

LayerX researchers have exposed CometJacking, a novel attack exploiting Perplexity’s Comet AI browser to steal sensitive user data. A malicious URL, disguised in phishing links, injects a prompt that tricks the AI into querying connected services like Gmail or Calendar, Base64-encoding retrieved info (e.g., emails, schedules), and sending it to an attacker’s server—bypassing traditional safeguards via simple obfuscation.

Diagram of CometJacking exploit: malicious URL link clicked by user, injecting prompt into Perplexity Comet AI (browser icon), accessing connected apps (Gmail/Calendar symbols), Base64 encoding data flow to attacker server; five-stage timeline with obfuscDiagram of CometJacking exploit: malicious URL link clicked by user, injecting prompt into Perplexity Comet AI (browser icon), accessing connected apps (Gmail/Calendar symbols), Base64 encoding data flow to attacker server; five-stage timeline with obfusc

The five-stage process:

victim clicks link (trigger), AI reads URL prompt instead of browsing (execution), leverages pre-authorized access (no passwords needed), encodes data (obfuscation), and exfiltrates to remote endpoint. Unlike phishing, it turns the AI into an insider C2 tool within networks.

Diagram of CometJacking exploit: malicious URL link clicked by user, injecting prompt into Perplexity Comet AI (browser icon), accessing connected apps (Gmail/Calendar symbols), Base64 encoding data flow to attacker server; five-stage timeline with obfuscDiagram of CometJacking exploit: malicious URL link clicked by user, injecting prompt into Perplexity Comet AI (browser icon), accessing connected apps (Gmail/Calendar symbols), Base64 encoding data flow to attacker server; five-stage timeline with obfusc

Perplexity downplays it as non-vulnerable, but experts warn of escalating AI threats, building on 2020’s Scamlexity scam. This highlights risks in agentic AI autonomy, urging "security by design" with prompt monitoring, memory controls, and data boundaries to prevent browsers from becoming exploit vectors in enterprises.
 
NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security