The Comet AI browser, developed by Perplexity AI, has advanced AI-powered features but also notable security and privacy concerns. It is not fully safe due to critical vulnerabilities discovered by security researchers.
Security Vulnerabilities
- Comet's AI processes entire webpage content, including potentially malicious hidden commands (called "indirect prompt injection"). This can trick the AI into executing harmful actions like clicking phishing links or extracting personal data without user consent.
- A major vulnerability called "CometJacking" was found, allowing attackers through a single malicious URL to hijack Comet's AI assistant and steal sensitive data from user accounts like emails and calendars.
- These vulnerabilities were publicly disclosed and initially exploited for proof-of-concept attacks showing Comet's significant risk exposure.
- Comet has fixed some of these issues after collaborating with security firms, but concerns about ongoing risks and the effectiveness of new protections remain.
Privacy and Data Tracking
- Comet stores data locally with end-to-end encryption but collects some user data to personalize AI features and ad experiences.
- It is more private than Chrome but less so than browsers like Firefox or Brave due to data tracking for ads.
- Some users distrust the company leadership's intentions, fearing extensive data collection.
Expert and User Perspectives
- Security experts warn traditional browser protections are inadequate for AI-driven browsers like Comet due to AI's full privileges.
- The browser's rapid development prioritized AI integration over robust security safeguards.
- Users who value AI features and customizable privacy settings might find Comet usable but should be cautious and use strict privacy modes.
- Those prioritizing strong online privacy may prefer alternatives like Brave or Firefox.
In summary, Comet AI browser offers cutting-edge AI integration but currently carries significant security vulnerabilities and privacy trade-offs, making it risky for users not specifically seeking its AI capabilities or those handling sensitive information.
