Zenity warns of inherent security risks in agentic browsers after Perplexity Comet findings – SiliconANGLE

By @SiliconANGLE
Publication Date: 2026-03-03 14:00:00

A new report out today from Zenity Labs, the research arm of agentic security company Zenity Ltd., details a family of vulnerabilities affecting agentic browsers, including Perplexity AI Inc.’s Comet browser, that can enable zero-click agent hijacking, local file exfiltration and even password vault takeover within authenticated sessions.

The vulnerabilities, dubbed “PleaseFix,” target a new class of AI-powered browsers that go beyond rendering webpages and instead interpret instructions and autonomously execute tasks across applications. According to Zenity’s researchers, this execution model introduces what they call an “agent trust failure,” in which untrusted content can influence an AI agent to take sensitive actions without the user’s awareness.

In Perplexity’s Comet browser, Zenity identified a subfamily of issues it calls “PerplexedBrowser.”

The first exploit path allows for zero-click compromise, where attacker-controlled content, such as a malicious calendar invitation, can trigger Comet to access the local file system and exfiltrate data while continuing to return expected results to the user. The second exploit path allows attackers to manipulate password manager interactions, including with 1Password Inc., to extract stored credentials or even achieve full account takeover by abusing agent-authorized workflows without directly exploiting a flaw in the password manager itself.

In various tests, the Zenity Labs researchers were able to…