In a striking demonstration of how seemingly innocuous digital interactions can lead to serious security breaches, security researchers have revealed a method to hijack Perplexity’s agentic Comet browser using a simple calendar invite. The exploit allows attackers to gain access to local files and, in some cases, fully compromise a user's 1Password account.
Exploiting Trust in Digital Interfaces
The vulnerability lies in how Comet handles calendar invitations, which are typically seen as safe and routine. When a user clicks on a maliciously crafted calendar event, it triggers a sequence of actions within the browser that bypasses the browser's standard security controls. This allows the attacker to access sensitive data stored locally on the device and even extract credentials from 1Password, a widely used password manager.
Implications for Agentic AI Browsers
This incident highlights the growing risks associated with agentic AI browsers—those that act on behalf of users to perform tasks autonomously. While such tools offer convenience, they also introduce new attack vectors that traditional security measures may not adequately protect against. The Comet browser, designed to be highly interactive and context-aware, becomes a prime target for attackers who exploit its trust-based design.
Researchers emphasize that the flaw isn’t limited to Perplexity’s browser alone. It underscores a broader challenge in the AI-assisted computing space: how to maintain usability while ensuring robust security. As more tools adopt agent-based architectures, the potential for similar exploits increases.
Conclusion
This vulnerability serves as a stark reminder that even the most advanced AI tools are only as secure as the interfaces they rely on. Users and developers alike must remain vigilant, especially as AI-driven browsers become more integrated into daily workflows. The incident is likely to prompt a reevaluation of how trust is managed in agentic systems, and could influence future updates to both Perplexity's Comet and similar platforms.



