Perplexity’s AI-powered Comet web browser is vulnerable to indirect prompt injection attacks, which threat actors can exploit to exfiltrate sensitive data such as passwords, experts have warned.