Comet AI: Disappointing first impression

Lisa Ernst · 08.10.2025 · Technology · 4 min

Comet, Perplexity's AI browser, noticeably changes my routine. But does the browser deliver what it promises, and how secure is all of it? Perplexity has made Comet globally free and positions it as a Chrome competitor. At the same time, security researchers warn of new attack surfaces in AI browsers, including specific vulnerabilities in Comet.

Introduction

Comet is an 'agentic' browser. An integrated AI helps with searching, summarizing, researching, shopping, or office tasks such as emails and appointments. The AI is not an add-on; it has direct access to the currently opened page. Technically, Comet is built on Chromium, the same base as Chrome, Edge or Opera. The interface feels familiar, and extensions work. By default, Comet uses Perplexity as its search engine and displays a page assistant that 'sees' what is on the page to answer questions or suggest actions.

Comet launched in July 2025 initially for more expensive Perplexity subscriptions and has been freely available to everyone since early October 2025. Additionally, there is Comet Plus as an optional package; Pro/Max customers have access, for others it costs $5/month. The product pages and changelogs advertise deep integrations (Connectors) for Gmail, Google Calendar, Outlook and other services, including sending emails or creating appointments from the browser.

Meanwhile, security reports made headlines. On August 20, 2025, Brave demonstrated an indirect prompt injection via a Reddit post: when the page summary was triggered, Comet could read the one-time code from Gmail and an account could be taken over. In early October 2025, LayerX described the 'CometJacking' attack: a prepared link alone is enough to exfiltrate content from email or calendar if Comet has access to them; according to reports, the vulnerability has been patched.

First impressions of browser-based AI applications can be mixed.

Source: youtube.com

Analysis

Why this push? Perplexity positions Comet as a browser that 'travels the web with you', handles tasks and thus shortens everyday online work. This increases engagement and data depth. At the same time, the CEO publicly stated that they want to collect data 'outside the app' through the browser to enable hyper-personalization and ads—a clear business-model signal. In the market, several providers are pushing agent-based browsers; the deeper the automation, the greater the benefit—and the risks, because content can become instructions.

Source: YouTube

The short product video shows how Perplexity understands the role of the assistant in Comet—useful as a reference for what the tool is meant for.

The evidence shows: Comet is Chromium-based; the AI side panel accesses the active page in context; integrations for Mail/Calendar are planned. Also documented: launch in July 2025 behind a subscription gate, globally free since October 2025; Comet Plus is optional. Security research shows indirect prompt injection (Brave) and 'CometJacking' (LayerX); patch statements are circulating. The CEO explicitly cited data collection for hyper-personalization as a motive for the browser.

It is unclear how much Comet computes locally versus in the cloud. The privacy policy describes server-side processing and data transfers, including an EU representative, but does not clearly state on-device vs off-device for every Comet action. What helps here is to check the settings and deliberately control logging and Connectors. The blanket statement 'There is no EU contact person / no GDPR representation' is false or misleading. The privacy policy names DataRep as EEA representative and lists contact channels, including an opt-out for training purposes.

Evaluating new technologies like Comet AI often requires a critical examination of first impressions.

Source: linkedin.com

Security and Privacy

Perplexity markets 'enterprise-grade security' and points to opt-ins for Connectors as well as access that can be revoked at any time. At the same time, researchers emphasize that agent-based browsing requires new security boundaries because web content can become executable instructions for the AI. Media reports put the latest vulnerabilities in context and point to patches, without considering the fundamental problem solved.

For everyday use, Comet means powerful automation and faster work once the AI actually understands the tasks correctly. For security, it means learning new hygiene. First, only enable necessary Connectors and regularly review or revoke them. Second, risky actions (sending emails, calendar access, payments) should always be confirmed consciously and AI summaries on unknown pages triggered only with caution. Third, read privacy settings and data transfers (including DPF/EU) in detail and use opt-outs.

Source: YouTube

The test video pragmatically shows strengths and weaknesses in email responses, shopping, and slides—useful to align expectations with reality.

Open questions remain: How robust are patches against new variants of prompt injection, especially when content comes from social feeds, PDFs, or hidden elements? How exactly does Perplexity balance data-driven personalization with GDPR obligations—particularly transparency, purpose limitation, and the legal basis for ad profiles in the EU? And when will it be clearly communicated which Comet features run locally and which server-side, including logging and storage durations?

The user interface and the information shown by a browser significantly shape the first impression.

Source: davescomputertips.com

Conclusion

Comet is a bold step toward a 'browser with built-in assistant'—productive when the task structure fits, and at the same time a security learning field for all of us.
