How Perplexity’s Comet AI Browser Was Deceived into Purchasing Counterfeit Products Online

A study examining Agentic AI browsers has revealed that these emerging tools are susceptible to both new and traditional schemes that could lead them to interact with malicious pages and prompts. Agentic AI browsers, such as Perplexity’s Comet, can autonomously browse, shop, and manage various online tasks, including handling email, booking tickets, filing forms, and controlling accounts. Microsoft Edge is also integrating agentic browsing features through a Copilot integration, while OpenAI is developing its own platform, codenamed ‘Aura’. Although these tools are primarily targeted at tech enthusiasts and early adopters, Comet is rapidly gaining traction in the mainstream consumer market.

The examination focused on Comet highlighted that these tools were launched with insufficient security measures against known and novel attacks specifically designed to exploit them. Tests conducted by Guardio, a developer of browser extensions that protect against online threats such as identity theft, phishing, and malware, indicated that Agentic AI browsers are vulnerable to phishing, prompt injection, and purchasing from counterfeit shops. In one test, Guardio instructed Comet to buy an Apple Watch from a fake Walmart site created using the Lovable service. The model scanned the site without verifying its legitimacy, navigated to checkout, and autofilled credit card and address details, completing the purchase without human confirmation. 

Categories: Agentic AI Browsers, Security Vulnerabilities, Phishing and Malicious Attacks 

Tags: Agentic AI, Browsers, Security, Phishing, Prompt Injection, Malvertising, SEO Poisoning, Online Threats, Autonomous Tasks, Consumer Market