- Pro
- Security
Researchers said Comet can be abused to execute local commands - Perplexity says otherwise
Comments (0) ()When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
(Image credit: Perplexity AI)
- SquareX accused Perplexity’s Comet browser of exposing a hidden MCP API that could enable local command execution
- Perplexity rejected the claims as “entirely false,” stressing the API requires developer mode, user consent, and manual sideloading
- SquareX countered, saying Comet was silently updated after its proof‑of‑concept, and that external researchers replicated the attack
Cybersecurity company SquareX recently accused Perplexity of keeping a major vulnerability in its AI browser, Comet - the latter has now responded, saying the research report is “entirely false” and part of a growing “fake security research” problem.
SquareX had said it found a hidden API in the Comet browser, capable of executing local commands. That API, named MCP API, allows its embedded extensions to execute arbitrary local commands on users’ devices, capabilities that traditional browsers explicitly prohibit.
- Amazon Black Friday deals are live: here are our picks!
SquareX said it found the API in the Agentic extension, which can be triggered by the perplexity.ai page, meaning that should anyone break into the Perplexity site, they will have access to devices of all of its users.
You may like-
OpenAI's shiny new Atlas browser might have some serious security shortcomings - and it's not the only one under threat from dangerous spoof attacks
-
I just tried the Comet browser from Perplexity – and I can’t believe it’s free now
-
OpenAI's new Atlas browser may have some extremely concerning security issues, experts warn - here's what we know
Perplexity's response
For Kabilan Sakthivel, Researcher at SquareX, not adhering to strict security controls the industry evolved to, “reverses the clock on decades of browser security principles established by vendors like Chrome, Safari and Firefox.”
But Perplexity begs to differ, noting in a written response sent to TechRadar Pro by spokesperson Jesse Dwyer that the report is “entirely false”.
The company added the vulnerability requires a human to do the work, not the Comet Assistant, and it requires the developer mode to be turned on.
“To replicate this, the human user must turn on developer mode and manually sideload malware into Comet," it said.
Are you a pro? Subscribe to our newsletterContact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.Perplexity also said that Comet not explicitly obtaining user consent for any local system access is “categorically false”.
“When installing local MCPs we require user consent--users are the ones setting it up and calling the MCP API. They specify exactly what command to run,” Dwyer wrote. “Any additional command from the MCP (ex. AI tool calling) also requires user confirmation.”
Furthermore, Perplexity says that what SquareX describes as a “hidden API” is in fact “simply how Comet can run MCPs locally”, with permission and user consent first obtained.
You may like-
OpenAI's shiny new Atlas browser might have some serious security shortcomings - and it's not the only one under threat from dangerous spoof attacks
-
I just tried the Comet browser from Perplexity – and I can’t believe it’s free now
-
OpenAI's new Atlas browser may have some extremely concerning security issues, experts warn - here's what we know
“This is SquareX's second time presenting false security research. The first one we also proved was false,” he stressed.
Dwyer also claims SquareX did not submit a report as it claims. “Instead, they sent a link to a Google doc, with no context, and no access. We informed them we were unable to open the Google docs, requested access to the google docs, and never heard a reply nor were granted access to the docs.”
SquareX also fires back
But SquareX isn’t backing down, either.
The company also said it spotted Perplexity making a “silent update” to Comet, in which the same POC will now return “Local MCP is not enabled”.
It claims to have had three external researchers replicate the attack, and that Perplexity fixed it a few hours ago.
“This is excellent news from a security perspective and we are glad that our research could contribute to making the AI Browser safer,” SquareX concluded, adding that it did not hear back from Plerplexity on its VDP submission.
The best antivirus for all budgetsOur top picks, based on real-world testing and comparisons➡️ Read our full guide to the best antivirus1. Best overall:Bitdefender Total Security2. Best for families:Norton 360 with LifeLock3. Best for mobile:McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
Sead FadilpašićSocial Links NavigationSead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
Logout Read more
OpenAI's shiny new Atlas browser might have some serious security shortcomings - and it's not the only one under threat from dangerous spoof attacks
I just tried the Comet browser from Perplexity – and I can’t believe it’s free now
OpenAI's new Atlas browser may have some extremely concerning security issues, experts warn - here's what we know
1Password and Perplexity partner on Comet AI browser - a full time personal assistant with security by default
Google says it won't fix this potentially concerning Gemini security issue
Comet AI browser lands on Android
Latest in Security
D-Link routers under threat from dangerous flaw - here's how to stay safe
Second-order prompt injection can turn AI into a malicious insider
Too good to be true? Be careful when looking through those Black Friday offers - they might be a scam
AI agents are fuelling an identity and security crisis for organizations
US FCC repeals cybersecurity rules aimed at preventing Salt Typhoon-esque attacks
SonicWall tells customers to patch SonicOS flaw allowing hackers to crash firewalls
Latest in News
How to watch Fake Friend: The Ticket Scammer online — it's *FREE*
How to watch Prisoner 951 online — it's *FREE* on BBC iPlayer
How to watch Changing Ends season 3 on ITV — it's *FREE*
How to watch The Age of Disclosure online – stream 'credible' UFO documentary, cheapest ways
The Full Screen Experience is moving from handhelds to full PCs
These three relatively affordable products could start off Apple's 2026
LATEST ARTICLES- 1Microsoft is hoping to kill off its most embarrassing BSOD errors for good - farewell to big-screen outages in the wild
- 2'I do hope and pray that at some point...there's a character that I would make sense for James [Gunn] to put me back into something,' says Polka-Dot Man's David Dastmalchian
- 3Nano Banana Pro cast a design spell in NotebookLM to explore the legend of Camelot
- 4Phasmophobia’s new diner map is small but mighty, serving up horror Easter eggs and terrifying claustrophobic hunts
- 5Anthropic buys $30 billion of Azure cloud capability - and nets $15 billion investment from Microsoft and Nvidia in return
