🚨 Warnings over Perplexity’s Comet Browser 🚨

AI browsers are the new hype but it doesn't mean they are safe to use 👉🏼

Security researchers from LayerX Security have revealed that the AI browser is vulnerable to CometJacking attacks, allowing hackers to hijack sessions and access user data.

For more info on why you're better off not using Comet: https://tuta.com/blog/perplexity-comet-browser-security-privacy-risks

#Perplexity #AIBrowser #CometBrowser

and #Snapchat #Fortnite #Perplexity #Canva

all just in the 1 plug
#aws

[DE] https://www.stuttgarter-zeitung.de/inhalt.amazon-aws-stoerung-down-mhsd.e57fda44-7b0d-4429-879c-1f08e108094a.html

and #Snapchat #Fortnite #Perplexity #Canva

all just in the 1 plug
#aws

[DE] https://www.stuttgarter-zeitung.de/inhalt.amazon-aws-stoerung-down-mhsd.e57fda44-7b0d-4429-879c-1f08e108094a.html

We really need an org forking of Mozilla. Especially with #Firefox plonking in #perplexity without our consent.

https://hachyderm.io/@davidculley/115377002571305266

Firefox is used by a lot of folks outside our space, we develop for it, so the answer isn't just insert [alternative] here. So if you're gearing up to suggest your alternative. Please don't, I'm aware.

I have them installed.

I just noticed #Firefox had added an AI slop machine ( #Perplexity ) to my search engine options without my consent. I'll manage my own search engines, thanks.

We really need an org forking of Mozilla. Especially with #Firefox plonking in #perplexity without our consent.

https://hachyderm.io/@davidculley/115377002571305266

Firefox is used by a lot of folks outside our space, we develop for it, so the answer isn't just insert [alternative] here. So if you're gearing up to suggest your alternative. Please don't, I'm aware.

I have them installed.

I just noticed #Firefox had added an AI slop machine ( #Perplexity ) to my search engine options without my consent. I'll manage my own search engines, thanks.

So if you're an Active Directory sysadmin and want to disable the #Perplexity AI search engine from your users' #Firefox 144 installations:

Install the Firefox .admx policy definition file on your domain controller.

Add and link a group policy object.

Edit the policy, navigate to User Configuration\Policies\Administrative Templates\Mozilla\Firefox\Search\Remove Search Engines

Enable the item.

Add an entry that reads (case sensitive): Perplexity

Next time your users start Firefox, Perplexity is gone.

So if you're an Active Directory sysadmin and want to disable the #Perplexity AI search engine from your users' #Firefox 144 installations:

Install the Firefox .admx policy definition file on your domain controller.

Add and link a group policy object.

Edit the policy, navigate to User Configuration\Policies\Administrative Templates\Mozilla\Firefox\Search\Remove Search Engines

Enable the item.

Add an entry that reads (case sensitive): Perplexity

Next time your users start Firefox, Perplexity is gone.

Neue Angriffsmethode „CometJacking“ nutzt URL‑Parameter, um Perplexitys KI‑Browser Comet auszuspähen
Ein kürzlich entdeckter Angriff namens CometJacking ermöglicht es Angreifern, über manipulierte URLs versteckte Anweisungen an den KI‑Browser Comet von Perplexity zu senden. Diese Anweisungen lassen die KI auf sensible Daten zugreifen, die mit verbundenen Diensten wie E‑Mail und Kalender synchronisiert sind.
Der Angriff ist ein klassischer Prompt‑Injection‑Befehl: In der Abfrage‑Zeichenkette (Query‑String) des Browsers wird das Parameterfeld collection missbraucht, um schädliche Instruktionen einzuschleusen. Statt im Internet zu recherchieren, weist das manipulierte Prompt die KI an, ihr internes Gedächtnis und angebundene Services zu konsultieren.
Gefährlichkeit: Der Angriff erfordert weder gültige Zugangsdaten noch irgendeine Interaktion des Opfers. Der Angreifer muss lediglich eine präparierte URL verbreiten (z. B. per Phishing‑Mail oder Social‑Media‑Post). Sobald ein Zielnutzer die URL öffnet, führt Comet die schädlichen Befehle aus und liefert die Daten an den Angreifer.
Und was sagt Perplexity dazu: nix gefährlich, kein Fehler.

https://layerxsecurity.com/blog/cometjacking-how-one-click-can-turn-perplexitys-comet-ai-browser-against-you/

#infosec #ai #PromptInjection #Phishing #SocialMedia #BeDiS #perplexity #cometAI

Neue Angriffsmethode „CometJacking“ nutzt URL‑Parameter, um Perplexitys KI‑Browser Comet auszuspähen
Ein kürzlich entdeckter Angriff namens CometJacking ermöglicht es Angreifern, über manipulierte URLs versteckte Anweisungen an den KI‑Browser Comet von Perplexity zu senden. Diese Anweisungen lassen die KI auf sensible Daten zugreifen, die mit verbundenen Diensten wie E‑Mail und Kalender synchronisiert sind.
Der Angriff ist ein klassischer Prompt‑Injection‑Befehl: In der Abfrage‑Zeichenkette (Query‑String) des Browsers wird das Parameterfeld collection missbraucht, um schädliche Instruktionen einzuschleusen. Statt im Internet zu recherchieren, weist das manipulierte Prompt die KI an, ihr internes Gedächtnis und angebundene Services zu konsultieren.
Gefährlichkeit: Der Angriff erfordert weder gültige Zugangsdaten noch irgendeine Interaktion des Opfers. Der Angreifer muss lediglich eine präparierte URL verbreiten (z. B. per Phishing‑Mail oder Social‑Media‑Post). Sobald ein Zielnutzer die URL öffnet, führt Comet die schädlichen Befehle aus und liefert die Daten an den Angreifer.
Und was sagt Perplexity dazu: nix gefährlich, kein Fehler.

https://layerxsecurity.com/blog/cometjacking-how-one-click-can-turn-perplexitys-comet-ai-browser-against-you/

#infosec #ai #PromptInjection #Phishing #SocialMedia #BeDiS #perplexity #cometAI

AI company Perplexity launched a web browser called Comet in July, but at the time it was only available for $200/month subscribers. Now it's free for everyone. It's a desktop-only browser for now, but mobile versions are coming. https://www.perplexity.ai/hub/blog/comet-is-now-available-to-everyone-worldwide #Perplexity #Comet #WebBrowser #AI

Why #Perplexity is going after Google Chrome - and yes, it's serious https://zdnet.com/article/why-perplexity-is-going-after-google-chrome-and-yes-its-serious/ by @sjvn

The courts are likely to force #Google to sell #Chrome to someone, which may spark a bidding war.

(⁠⌐⁠■⁠-⁠■⁠) Perplexity is using stealth, undeclared crawlers to evade website no-crawl directives

https://blog.cloudflare.com/perplexity-is-using-stealth-undeclared-crawlers-to-evade-website-no-crawl-directives

#perplexity #aisearch #aiscraping

Japan's Yomiuri Shimbun newspaper, one of the world's biggest by circulation, is suing U.S.-based AI firm Perplexity for allegedly "free-riding" on its content on its search engine. https://www.japantimes.co.jp/news/2025/08/08/japan/crime-legal/yomiuri-sues-free-riding-ai-firm/?utm_medium=Social&utm_source=mastodon #japan #crimelegal #yomiuri #newspapers #media #ai #perplexity #japanesecourts

Today, Cloudflare reported that the AI company #Perplexity is using "stealth crawlers" to scrape data from websites with no-crawling policies. Read about how AI has created a battle over web crawling in this Q&A: https://spectrum.ieee.org/web-crawling

If your crawler is spoofing its identity because I have disallowed it from my sites, I consider that an attempted server breach. You are no better than someone trying to compromise my SSH connection.

#IT#SysAdmin#Perplexity#Crawlers

Today, Cloudflare reported that the AI company #Perplexity is using "stealth crawlers" to scrape data from websites with no-crawling policies. Read about how AI has created a battle over web crawling in this Q&A: https://spectrum.ieee.org/web-crawling

If your crawler is spoofing its identity because I have disallowed it from my sites, I consider that an attempted server breach. You are no better than someone trying to compromise my SSH connection.

#IT#SysAdmin#Perplexity#Crawlers