Is Comet AI Browser safe?


Comet AI Browser has several known, significant security vulnerabilities that raise serious safety concerns. Despite claims of enterprise-grade security and privacy features such as local encrypted data storage, the browser suffers from critical flaws such as indirect prompt injection. These attacks let an attacker embed malicious commands in web content or URLs, which the AI assistant then executes without user consent, potentially leading to theft of emails, calendar data, and passwords, and to unauthorized actions on user accounts.

Security researchers from companies like Brave and Guardio have demonstrated that Comet can be tricked into performing harmful actions such as buying items from fake websites, clicking phishing links, or silently extracting sensitive data. This vulnerability is considered a new and dangerous form of cyberattack that traditional web security methods do not address well. Although some vulnerabilities have reportedly been fixed, ongoing risks remain because of the fundamental design of how Comet processes web content with its AI model.

In summary, while Comet offers powerful AI browsing features, it currently poses significant security risks, especially from prompt injection attacks and data exfiltration, making it less safe than more established privacy-focused browsers. Users concerned about privacy and security should be cautious with Comet and consider alternatives or strict privacy modes if they choose to use it.
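The design point above, that web content should never carry the user's authority, can be shown as a small action gate. This is an added sketch, not Comet's code or any vendor's; it assumes the agent runtime can tag each planned action with whether the user's typed request or fetched content asked for it, and the action names, `Action`, `decide`, `review` and the `.example` hosts are hypothetical.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Hypothetical policy: actions that touch accounts, credentials or money.
SENSITIVE = {"read_email", "read_calendar", "fill_password", "purchase", "submit_form"}
ALWAYS_CONFIRM = {"fill_password", "purchase"}

@dataclass(frozen=True)
class Action:
    kind: str    # what the assistant plans to do
    target: str  # URL the action operates on
    origin: str  # "user" = typed request; "page" / "url" = fetched content

def host(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()

def decide(action: Action, active_tab: str, user_confirmed: bool = False) -> str:
    """Return 'allow', 'confirm' or 'deny' for one planned action."""
    if action.kind not in SENSITIVE:
        return "allow"
    if action.origin != "user":
        # Web content and URL parameters are data, never a source of authority.
        return "deny"
    cross_site = host(action.target) != host(active_tab)
    if (action.kind in ALWAYS_CONFIRM or cross_site) and not user_confirmed:
        return "confirm"
    return "allow"

def review(plan, active_tab):
    """Apply the gate to every step of a plan before anything runs."""
    return [(a.kind, decide(a, active_tab)) for a in plan]

# Constructed plan: the user asked only for a summary of the open page.
PLAN = [
    Action("summarize", "https://news.example/post", "user"),
    Action("read_email", "https://mail.example/inbox", "page"),
    Action("submit_form", "https://collector.example/upload", "page"),
    Action("purchase", "https://shop.example/cart", "user"),
]

if __name__ == "__main__":
    for kind, verdict in review(PLAN, "https://news.example/post"):
        print(f"{kind:12} {verdict}")
```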