Privacy News

Think twice before using Comet browser: Security & privacy risks

Perplexity Comet browser is redefining how users search the web, but Perplexity AI is not as safe as one might think. There are many red flags: From its extensive access to your data, to security vulnerabilities that allow the AI to follow malicious instructions. Let’s dive into it!

Perplexity Comet browser is not safe: It has security flaws making it vulnerable to prompt injection and CometJacking attacks which is a risk for your privacy.

At the beginning of October 2025, Perplexity’s Comet AI browser that initially cost $200/month became free to use. The agent browser aims to be an intelligent helper that performs tasks and surfs the web on your behalf. For example, the AI can book flights, write emails, or plan travel itineraries, all while you browse. But is Perplexity AI really safe? While Perplexity’s Comet might seem attractive to users, it has severe privacy and security concerns. LayerX has warned that Comet browser is vulnerable to CometJacking attacks. And at a closer look, the AI browser is also a data privacy nightmare. Today we're taking a deep dive into the AI browser's security vulnerability, data privacy risks, and why you should steer clear of using Perplexity Comet.

Perplexity’s agentic browser, Comet, has security vulnerabilities

LayerX security researchers discovered it’s vulnerable to CometJacking

Screenshot of tweet by The Hacker News on X: New "CometJacking" turns Perplexity's Comet into an insider threat. Screenshot of tweet by The Hacker News on X: New "CometJacking" turns Perplexity's Comet into an insider threat. CometJacking turns Perplexity’s Comet into an insider threat. Screenshot: The Hacker News on X

Research conducted by LayerX showed how attackers can perform CometJacking attacks in Comet with the click of a malicious URL.

In their research, they discovered how a single malicious URL, with no malicious page content, could let an attacker gain access to sensitive data that has been exposed in the Comet browser. During a CometJacking attack, when the malicious link is clicked, commands hidden in the URL instruct Comet AI to access the user memory and encode the data using base64 before it’s sent to the attacker’s servers.

For example, if a user asks Comet to edit an email or schedule a calendar appointment, the metadata can be exfiltrated to the attacker. What’s worrying about this is that in order for the attack to take place, the user just has to click on the malicious link which could be sent via email or displayed on a webpage, for example.

If you’re interested in watching how it happens, check out the LayerX proof-of-concept attacks on YouTube.

Because agent AIs perform tasks and operate with the user’s full privileges across authenticated sessions, these attacks could have scary consequences. Think about it: the AI agent has access to perform tasks like booking flights, writing and sending emails, and ordering from Amazon. So if you click on a weaponized link, it could be disastrous. Without you knowing, it could expose your sensitive Comet data to the attacker who can extract and exfiltrate it.

LayerX reported its findings on 27 August 2025, but Perplexity classified them to have “no security impact”.

Turn ON Privacy in one click.

More reason to avoid Comet: Data & privacy risks

The two biggest risks for your privacy when you use Perplexity Comet is the extensive access it has to your data and how the security vulnerabilities that have been found could lead to data exposure or access. When you grant an AI access to the services you use, your privacy is at risk, but the risks are further exacerbated when using Comet because of its security flaws.

For example, if you allow Perplexity’s Comet browser access to your email, your mailbox is no longer private. The same is true if you use an AI email writer. The agentic browser needs access to your accounts and services to be able to run tasks like sending emails and buying products. Given the extensive access the AI browser requires, it’s essential that the Comet browser has robust security, but this is exactly where the new tool doesn’t shine. Comet browser is not safe to use.

Perplexity Comet also has big plans to collect user data, and its CEO is not even trying to hide it:

That’s kind of one of the other reasons we wanted to build a browser, is we want to get data even outside the app to better understand you,“

We plan to use all the context to build a better user profile and, maybe you know, through our discover feed we could show some ads there.”

This was said by Perplexity CEO Aravind Srinivas, in a TBPN podcast interview. In the interview, Srinivas admitted that the reason the company was branching out from AI into browsers is to collect user data on everything its users do outside its app in order to sell targeted advertisements. If this type of business model sounds familiar, that’s because it is a similar business approach to Google’s Chrome - offer a free service, track users, sell their data, and target them with personalized ads.

Turn ON Privacy in one click.

In terms of how other big tech browsers collect and process your data, it is not surprising that Srinivas expressed that Perplexity wanted to create a browser to collect more data. But Comet, the agentic browser designed to learn how you think and what you do across every site, puts your data at risk because of its security flaws.

More worryingly, Perplexity isn’t stopping at collecting user data outside of Comet Browser - it still wants more. In August 2025, Perplexity AI made a $34.5bn takeover bid for Google Chrome during Google’s antitrust lawsuit when the U.S. Department of Justice alleged that Google was a monopolist in search. At the time, a spokesman for Perplexity told the BBC that Perplexity wants to buy Google’s Chrome browser and that the proposed bid marked an, “important commitment to the open web, user choice, and continuity for everyone who has chosen Chrome.” But given its CEO’s brazen honesty about its business tactics, it’s more believable that the AI company would acquire Chrome for one single reason: access to user data, the goldmine of every AI company.

Final thoughts: Stick to what you know

Yes, AI is the new hype and can be useful, but at the same time, you need to ask yourself if it’s really worth having an AI browser that could potentially fall risk to exposing your personal data or hijack your accounts because you clicked a malicious link or the AI was tricked.

For us at Tuta, the answer is a big NO.

Stick to what you know, and if you are looking for a secure browser, check out our guide here.

Illustration of a phone with Tuta logo on its screen, next to the phone is an enlarged shield with a check mark in it symbolizing the high level of security due to Tuta's encryption.