By Thomas Claburn
Publication Date: 2026-03-03 14:01:00
If you wanted to steal local files from someone using Perplexity’s Comet browser, until last month you could just schedule the theft by sending your victim a calendar event.
You might also have been able to access the victim’s 1Password vault if it wasn’t protected by two-factor authentication.
Last October, security researchers affiliated with Zenity Labs discovered that Perplexity’s AI browser, Comet, left the user’s local file system unprotected.
“We found two problems,” explained Michael Bargury, CTO of Zenity, in an interview with The Register. “One problem was Perplexity didn’t put a restriction on the AI agent reaching out to anything on the file system.”
Bargury told us the browser could access the file:// protocol, which meant it had access to files on the user’s local machine.
“Typically, a JavaScript application, for example, if you go into a website, a JavaScript application can’t just query a URL from your machine because of cross-origin restrictions. But AI browsers are not respecting cross-origin restrictions to the letter.”
Attackers could…