Introduction
Recent research has unveiled a new cybersecurity threat known as CometJacking, which exploits vulnerabilities in Perplexity’s AI browser, Comet. This attack leverages malicious prompts, embedded in seemingly benign links, to extract sensitive user information from connected services like email and calendars.

Key Details

• Who: LayerX, a cybersecurity firm, is at the forefront of highlighting this vulnerability.
• What: The CometJacking attack utilizes a prompt injection technique via a crafted URL that redirects the AI’s functions to steal user data.
• When: The findings were reported on October 4, 2025.
• Where: This threat poses a significant risk wherever Comet browser is employed, particularly in enterprise environments.
• Why: The significance of this attack lies in how it hijacks a trusted AI assistant to access sensitive data without alerting the user.
• How: By clicking a specific malicious link, the AI browser executes hidden commands, transmitting captured data—obfuscated with Base64 encoding—to an external server controlled by the attacker.

Why It Matters
CometJacking highlights critical risks associated with AI-native tools, particularly in enterprise settings where AI-assisted browsers are becoming commonplace. This incident raises concerns over:

• Enterprise security: Traditional defenses may not adequately protect against such innovative threats.
• AI deployment strategies: As organizations adopt AI solutions, the necessity for built-in security measures can’t be stressed enough.
• Data protection: This attack underlines the need for rigorous scrutiny of permissions granted to AI tools.

Takeaway for IT Teams
IT professionals should review current security protocols and assess how AI-enabled tools are integrated within their infrastructures. Evaluating mechanisms to combat prompt injection attacks and ensuring security-by-design for AI applications is essential in safeguarding sensitive information.

For more curated news and infrastructure insights, visit TrendInfra.com.