By Maximilian Schreiner
Publication Date: 2026-03-03 14:00:00
Security researchers demonstrate how a manipulated calendar invite can trick Perplexity’s agentic Comet browser into stealing local files and taking over a full 1Password account.
Security researchers at Zenity Labs have demonstrated two attack paths that exploit Perplexity’s agentic Comet browser. In both cases, all it takes is a manipulated calendar invite. The user simply asks Comet to handle the appointment – and from that moment on, the attack runs silently in the background without any further interaction.
Calendar invites are just one example vector, the researchers say. The same type of attack can be delivered through emails, documents, websites, or uploaded files. The only requirement is that Comet processes the content as part of a delegated task.
The first attack targets the local file system. Instructions embedded in the invite trick Comet into browsing directories, opening sensitive files, and sending their contents to an external server via URL parameters. To the browser, it looks like a normal page request.
The second attack goes much further: Comet navigates to the user’s authenticated 1Password Web Vault, searches stored entries, exposes passwords, and sends the credentials to the attacker. In an escalated version, the agent changes the account password, extracts the email address and Secret Key, and enables a full account takeover. The researchers say their investigation was triggered by the partnership between Perplexity and 1Password announced in…
