Perplexity offers free Comet AI browser; AI browsers cybersecurity time bomb
When I tried the newest AI-enabled browser beta, it instantly offered a one-sentence summary of the article I was reading. The promise is clear: on-the-fly summarisation, quick fact-checking and a built-in large language model that follows every click. But each of those tricks also widens the attack surface.
Extensions can still scoop up cookies, scripts may slip in malicious prompts, and the simple act of sending every page to a remote model probably leaks bits of sensitive data. Security analysts keep warning that the convenience of these “AI browsers” might be outpacing the safeguards we need for privacy and corporate networks. It isn’t just the big players in the game; a handful of smaller firms are already scrambling for a piece of the emerging niche.
Their moves matter because they could set the tone for how fast the market adopts - and perhaps normalises - these risky tools. Below, I point out two of the most visible newcomers and sketch how each is trying to gain traction.
Startups are also keen to stake a claim. Perplexity, the AI startup best known for its AI-powered search engine, made its AI-powered browser Comet freely available to everyone in early October, and Sweden's Strawberry, which is still in beta, is actively going after "disappointed Atlas users." In the past few weeks alone, researchers have uncovered vulnerabilities in Atlas that allow attackers to take advantage of ChatGPT's "memory" to inject malicious code, grant themselves access privileges, or deploy malware. Flaws discovered in Comet could allow attackers to hijack the browser's AI with hidden instructions.
AI-powered browsers are starting to feel less like a gimmick and more like a daily aid. OpenAI’s ChatGPT Atlas and Microsoft’s Edge Copilot Mode already pull up answers, sketch summaries and even trigger actions without a click. The experience, though, still feels a bit clunky, and the extra attack surface makes me wonder about data leaks and fresh bugs.
Startups have jumped in fast: Perplexity released its Comet browser for free, and Sweden’s Strawberry is courting early adopters in a beta that promises a different vibe from Atlas. Those moves hint at a budding market, yet they also raise the question of whether the security layers can keep up. Right now there are no clear standards or proven defenses, so the risk picture stays hazy.
Users might enjoy a hands-off web session, but we haven’t really measured how much safety we’re giving up. The pull of AI browsers is obvious, but whether they’ll become safe enough for most people is still up in the air.
Common Questions Answered
What specific security concerns does Perplexity's free Comet AI browser raise for users?
Perplexity's Comet browser sends every visited page to a remote LLM for on‑the‑fly summarisation, creating a constant stream of potentially sensitive data. Additionally, its extensions can access browser storage, allowing them to harvest cookies and other credentials, thereby widening the attack surface for malicious actors.
How can extensions in AI‑driven browsers harvest cookies and inject malicious prompts?
Extensions run with the same privileges as the browser, giving them direct access to stored cookies and session tokens. They can also modify the JavaScript that formats user queries before they reach the AI model, injecting malicious prompts that could trigger unintended actions or data exfiltration.
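One way to check which installed extensions hold the cookie and script-injection capabilities described above is to audit their manifests. This is an added example, not code from the article or from any browser vendor; it assumes the browser uses Chromium-style `manifest.json` files, and the extension names and manifests are constructed.

```javascript
// Added example; the manifests below are constructed, not real extensions.
// Assumes Chromium-style manifest.json (Manifest V2 or V3).
const BROAD = /^(<all_urls>|\*:\/\/\*\/\*|https?:\/\/\*\/\*)$/;

function auditManifest(manifest) {
  const perms = manifest.permissions || [];
  // MV3 lists host patterns in host_permissions; MV2 mixes them into permissions.
  const hosts = [
    ...(manifest.host_permissions || []),
    ...perms.filter((p) => p === "<all_urls>" || p.includes("://")),
  ];
  const broadHosts = hosts.some((h) => BROAD.test(h));
  const findings = [];
  // The cookies API only returns cookies for hosts the extension may access,
  // so "cookies" plus a broad host pattern covers session cookies on every site.
  if (perms.includes("cookies") && hosts.length > 0) {
    findings.push(broadHosts ? "cookies:all-sites" : "cookies:listed-sites");
  }
  // A content script matching every page can alter page scripts and the DOM,
  // the route the text above describes for tampering with queries.
  const scripts = manifest.content_scripts || [];
  if (scripts.some((s) => (s.matches || []).some((m) => BROAD.test(m)))) {
    findings.push("content-script:all-sites");
  }
  // MV3 programmatic injection needs "scripting" plus host access.
  if (perms.includes("scripting") && broadHosts) findings.push("scripting:all-sites");
  return findings;
}

const SAMPLES = {
  "page-translator": { manifest_version: 3, permissions: ["cookies", "storage"],
    host_permissions: ["<all_urls>"], content_scripts: [{ matches: ["<all_urls>"], js: ["inject.js"] }] },
  "bank-helper": { manifest_version: 3, permissions: ["cookies"], host_permissions: ["https://bank.example/*"] },
  "dark-theme": { manifest_version: 3, permissions: ["storage"] },
  "legacy-sync": { manifest_version: 2, permissions: ["cookies", "*://*/*"] },
  "tab-tools": { manifest_version: 3, permissions: ["scripting"], host_permissions: ["https://*/*"] },
};

// Returns only the extensions with at least one finding.
function auditAll(manifests) {
  const report = {};
  for (const [name, m] of Object.entries(manifests)) {
    const f = auditManifest(m);
    if (f.length) report[name] = f;
  }
  return report;
}

console.log(auditAll(SAMPLES));
```

Extensions flagged with an `all-sites` finding are the ones to review first or remove from profiles used for sensitive work.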
What vulnerabilities have researchers found in OpenAI’s ChatGPT Atlas that could be exploited?
Researchers discovered that Atlas’s persistent "memory" can be abused to inject malicious code, allowing attackers to execute scripts in subsequent sessions. This memory‑based injection bypasses typical input sanitisation, creating a pathway for persistent compromise of user data and browser functionality.
In what ways does Microsoft’s Edge Copilot Mode increase the attack surface of AI‑enhanced browsing?
Edge Copilot Mode integrates a cloud‑based LLM directly into the browsing experience, meaning every page view and user interaction is transmitted to Microsoft’s servers. This continuous data flow, combined with the ability to trigger automated actions, expands potential vectors for data leakage and exploitation by malicious actors.