New CometJacking Attack Turns AI Browser Into Data Theft Tool With One Click

Discover how 'CometJacking' exploits AI trust, stealing data via malicious URLs, as researchers warn of this new browser threat.
Content Team

Security researchers at LayerX discovered a dangerous vulnerability called "CometJacking" that weaponizes Perplexity's AI-powered Comet browser against users. The attack works through a single malicious URL that tricks the browser's AI assistant into stealing personal data from connected services like Gmail and Google Calendar.

Unlike traditional browser attacks, CometJacking exploits the trust relationship between users and their AI assistants. When someone clicks the malicious link, hidden commands in the URL instruct the AI to access user memory and encode stolen data using base64 before sending it to attacker-controlled servers.

Researchers successfully demonstrated email theft and calendar harvesting during testing. LayerX reported the vulnerability to Perplexity in August 2025, but the company initially dismissed it as having "no security impact."

Source: Cybersecurity News
