Prompt Injection in Production: The 2025 Perplexity Comet Attack
Researchers discovered a significant prompt injection vulnerability in the Perplexity Comet browser, allowing attackers to execute malicious instructions by hiding them within invisible elements on web pages. This indirect prompt injection attack, which requires no user interaction beyond asking the AI to summarize content, can lead to sensitive data exfiltration, including email addresses and one-time passwords. While Perplexity has issued fixes, the underlying architectural issue of AI models not distinguishing between content and instructions remains a broader concern for AI-enhanced applications processing external data.
AI IMPACT: Highlights critical security risks in AI browsers and applications that process external content, necessitating robust defenses against prompt injection.