Brave discovers a security flaw in Perplexity’s Comet browser
Brave discovered a security flaw in Perplexity’s AI browser Comet that allows for so-called indirect prompt injection attacks. In these attacks, malicious commands are hidden in web pages or comments and are then interpreted by the AI assistant as legitimate user instructions when summarizing a page. During testing, Brave showed that Comet could be tricked into reading out sensitive user data, like email addresses and one-time passwords, and sending them to attackers. Perplexity responded by issuing updates, but according to Brave, the issue still isn’t fully resolved. Brave also offers its own AI assistant, Leo, in its browser and faces similar security challenges.
AI News Without the Hype – Curated by Humans
As a THE DECODER subscriber, you get ad-free reading, our weekly AI newsletter, the exclusive "AI Radar" Frontier Report 6× per year, access to comments, and our complete archive.
Subscribe nowAI news without the hype
Curated by humans.
- Over 20 percent launch discount.
- Read without distractions – no Google ads.
- Access to comments and community discussions.
- Weekly AI newsletter.
- 6 times a year: “AI Radar” – deep dives on key AI topics.
- Up to 25 % off on KI Pro online events.
- Access to our full ten-year archive.
- Get the latest AI news from The Decoder.