Perplexity Comet agentic browser vulnerable to zero-click agent hijacking and credential theft

Zenity Labs disclosed PleaseFix, a family of critical vulnerabilities in Perplexity's Comet agentic browser that allowed zero-click agent hijacking, local file exfiltration, and credential theft. A malicious calendar invite could trigger the browser's AI agent to autonomously access the local file system and send contents to an attacker-controlled server without any user interaction. A second exploit abused agent-authorized workflows to steal credentials from 1Password vaults or achieve full account takeover. Perplexity patched the underlying issue before public disclosure.

Incident Details

Perpetrator: AI platform
Severity: Facepalm
Blast Radius: Perplexity Comet users exposed to silent file exfiltration and credential theft via zero-click agent hijacking