When a new browser promises smarter AI-powered features, most of us get excited. But with that innovation often comes a new kind of risk. That’s exactly what happened with the recent Perplexity Comet vulnerability, a flaw that lets attackers hide commands inside screenshots — yes, actual images — and trick the browser into doing things users never intended. This discovery feels like something straight out of a sci-fi story, but it’s very real, and it’s another reminder that we’re still figuring out the limits of AI browsers.
How It All Started
The issue first came to light on October 21, 2025, when researchers from Brave shared their findings about a serious bug in Perplexity AI’s Comet browser. The tool’s screenshot feature — meant to help users ask questions about web pages — turned out to be a security hole. The Perplexity Comet vulnerability shows how easily hackers can slip malicious text into images and make the browser obey invisible commands.
The Sneaky Technique Behind It
Here’s where things get clever — and dangerous. Attackers hide nearly invisible words in an image, using faint colors that blend right into the background. When a user takes a screenshot, Comet’s OCR system reads this hidden text and passes it to the large language model (LLM). From there, the AI thinks it’s following a user’s instruction, when in reality, it’s carrying out a hacker’s command. That’s what makes the Perplexity Comet vulnerability so unsettling — it’s an attack that rides in quietly, right through a normal-looking screenshot.
Why It Matters So Much
If this sounds like a small technical glitch, it’s not. The flaw gives attackers a way to exploit the very trust users place in AI. Since Comet AI can perform actions on your behalf, a single malicious screenshot could cause serious damage. Think of it as someone whispering a dangerous command in the AI’s ear while you’re distracted — that’s how subtle this attack can be. From phishing and data theft to unauthorized account actions, the potential fallout of the Perplexity Comet vulnerability is huge.
What Brave Researchers Found
The discovery came from Brave’s own security team, led by Artem Chaikin and Shivan Kaul Sahib. They tested the exploit in a controlled environment and showed how quickly it could override user intent. It was part of their continuing research into agentic browsers — those that act on a user’s behalf. Their demo proved one unsettling point: when AI interprets data blindly, even harmless features can become dangerous.
Not the First of Its Kind
This isn’t the first time an AI browser has been caught off guard. The Perplexity Comet vulnerability follows another earlier flaw reported by Brave, and similar issues have popped up in browsers like Fellou. These repeated incidents point to a growing pattern — AI tools that interact too freely with the web can be tricked by cleverly disguised input. It’s a systemic problem, not just a one-off mistake.
Why Usual Defenses Don’t Work
Traditional web security measures, like the same-origin policy, don’t protect against this kind of problem. That’s because the Perplexity Comet vulnerability doesn’t rely on normal code execution or network exploits. Instead, it manipulates how AI reads and processes visual data. It’s a reminder that we need a new kind of security thinking — one designed for AI-powered systems.
Who Could Be Affected
If you use Comet for browsing while logged into your bank, email, or cloud storage, you’re at risk. Even something as simple as taking a screenshot of an online forum could trigger a hidden command. The Perplexity Comet vulnerability shows how easily hackers could reach across domains and use innocent actions to hijack AI behavior.
What’s Being Done About It
Brave reported the issue to Perplexity AI on October 1, giving them time to respond before making it public. The company also urged all browser developers to isolate agentic features from normal browsing and add extra confirmation steps before any AI-driven action. Those safeguards might seem small, but they could prevent massive damage in the future. For now, Perplexity AI hasn’t released full technical details, likely to give users time to update and patch their browsers.
Experts Are Concerned
Cybersecurity professionals across the industry have taken notice. A Malwarebytes report even mentioned that simple AI summarization tools could lead to data leaks and financial loss. The Perplexity Comet vulnerability adds fuel to that warning — AI tools, when given too much freedom, can be manipulated in ways we haven’t fully prepared for. The takeaway? Smart doesn’t always mean safe.
How Users Can Stay Safe
Until fixes are rolled out, it’s smart to be cautious. Don’t take screenshots of untrusted pages. Avoid using AI features while logged into sensitive accounts. Disable experimental “agent” modes unless you fully understand how they work. These small steps can go a long way in keeping you safe from prompt injection or similar attacks. Staying alert is your best defense until browser makers catch up.
Final thoughts
At its core, the Perplexity Comet vulnerability shows how something as harmless as a screenshot can become a hacker’s weapon. As AI takes on a bigger role in our daily browsing, we need smarter safety nets and more responsible design choices. The technology is powerful — but without the right precautions, it can easily turn against us. So, next time your AI browser asks to “help,” make sure it’s not helping someone else instead.
