Perplexity’s Comet AI browser may have some concerning security flaws which could let hacker hijack your device – TechRadar


Published on: 2025-11-20

AI-powered OSINT brief from verified open sources. Automated NLP signal extraction with human verification.

Intelligence Report: Perplexity’s Comet AI Browser Security Flaws

1. BLUF (Bottom Line Up Front)

Perplexity’s Comet AI browser has significant security vulnerabilities that could allow hackers to hijack user devices. The most supported hypothesis is that these vulnerabilities stem from inadequate security protocols in the browser’s API and extension architecture. Immediate action is recommended to address these flaws to prevent potential widespread exploitation. Confidence Level: Moderate.

2. Competing Hypotheses

Hypothesis 1: The security flaws in the Comet AI browser are due to inherent weaknesses in the API and extension design, which have not been adequately tested against modern cybersecurity threats.

Hypothesis 2: The vulnerabilities are a result of a targeted attack or insider threat that has exploited specific weaknesses in the Comet AI browser’s architecture.

Hypothesis 1 is more likely due to the broad nature of the vulnerabilities identified, which suggests systemic design issues rather than a singular exploit. The evidence of arbitrary local command execution and the use of a custom implementation of the Model Context Protocol (MCP) supports this view.

3. Key Assumptions and Red Flags

Assumptions: It is assumed that the vulnerabilities are not yet widely exploited, and that the information provided by SquareX is accurate and unbiased.

Red Flags: The possibility of deception or misinformation from SquareX cannot be ruled out, particularly if they have vested interests in promoting their cybersecurity solutions. Additionally, the complexity of the vulnerabilities suggests that they may have been known internally but not disclosed.

4. Implications and Strategic Risks

The vulnerabilities in the Comet AI browser present significant risks, including potential for widespread device hijacking, data breaches, and ransomware attacks similar to WannaCry. If exploited, these could lead to substantial economic losses, damage to user trust, and reputational harm to Perplexity. Politically, there could be increased scrutiny and regulatory pressure on AI and browser technologies.

5. Recommendations and Outlook

  • Conduct a comprehensive security audit of the Comet AI browser, focusing on API and extension vulnerabilities.
  • Engage with cybersecurity experts to develop patches and strengthen security protocols.
  • Increase transparency with users and stakeholders about the vulnerabilities and mitigation efforts.
  • Best-case scenario: Vulnerabilities are quickly patched, and user trust is restored.
  • Worst-case scenario: Exploitation of vulnerabilities leads to widespread attacks, significant data breaches, and long-term reputational damage.
  • Most-likely scenario: Partial exploitation occurs, prompting a moderate response from Perplexity and increased regulatory scrutiny.

6. Key Individuals and Entities

Kabilan Sakthivel (Researcher at SquareX)

SquareX (Cybersecurity firm)

Perplexity (Developer of Comet AI Browser)

7. Thematic Tags

Cybersecurity, AI, Browser Security, Vulnerabilities, Data Breach, Ransomware

Structured Analytic Techniques Applied

  • Adversarial Threat Simulation: Model and simulate actions of cyber adversaries to anticipate vulnerabilities and improve resilience.
  • Indicators Development: Detect and monitor behavioral or technical anomalies across systems for early threat detection.
  • Bayesian Scenario Modeling: Quantify uncertainty and predict cyberattack pathways using probabilistic inference.
  • Network Influence Mapping: Map influence relationships to assess actor impact.

