TechRadar

Perplexity's Comet AI browser may have some concerning security flaws which could let hacker hijack your device

SquareX discovered hidden MCP API in Comet browser enabling arbitrary local command execution Vulnerability in Agentic extension could let attackers hijack devices via compromised perplexity.ai site ...
Yahoo Finance

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

"For decades, browser vendors have adhered to strict security controls that prevent browsers, and especially extensions, from directly controlling the underlying device," explains Kabilan Sakthivel, ...
TechRadar

Perplexity responds to Comet browser vulnerability claims, argues "fake news"

SquareX accused Perplexity’s Comet browser of exposing a hidden MCP API that could enable local command execution Perplexity rejected the claims as “entirely false,” stressing the API requires ...
NextBigFuture

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users’ devices. The research reveals ...
Morningstar

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

PALO ALTO, Calif., Nov. 19, 2025 /PRNewswire/ -- SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full ...