{"id":17713,"date":"2025-10-23T22:20:28","date_gmt":"2025-10-23T18:20:28","guid":{"rendered":"https:\/\/azat.tv\/en\/?p=8006543211026644"},"modified":"2025-10-23T22:18:37","modified_gmt":"2025-10-23T18:18:37","slug":"perplexity-comet-browser-security-flaw-lawsuit-referral-program-explained","status":"publish","type":"post","link":"https:\/\/azat.tv\/en\/perplexity-comet-browser-security-flaw-lawsuit-referral-program-explained\/","title":{"rendered":"Perplexity Comet Browser Faces Security Flaw, Lawsuit, and Aggressive Referral Push: What Users Need to Know"},"content":{"rendered":"<div style=\"background: #f7fafc; padding: 15px;\">\n<p><strong>Quick Read<\/strong><\/p>\n<ul>\n<li>Brave researchers uncovered a critical security flaw in Perplexity\u2019s Comet browser, allowing prompt injection via hidden text in screenshots.<\/li>\n<li>The vulnerability bypasses traditional web protections, risking unauthorized account access and data theft.<\/li>\n<li>Perplexity has launched a referral program offering $20 per friend who tries the Comet browser.<\/li>\n<li>Reddit has filed a lawsuit against Perplexity, accusing it of unauthorized data scraping for AI training.<\/li>\n<li>Experts recommend caution when using agentic AI browsers until stronger safeguards are implemented.<\/li>\n<\/ul>\n<\/div>\n<h2>Critical Security Flaw Uncovered in Perplexity Comet Browser<\/h2>\n<p>In October 2025, security researchers from Brave revealed a serious vulnerability in the Perplexity Comet browser\u2014a flaw that exposes users to malicious prompt injections through screenshots. The browser\u2019s unique AI-powered features, designed to enhance user experience, have inadvertently opened the door to a new breed of cyber risks.<\/p>\n<p>At the heart of the issue is how Comet processes screenshots. When a user takes a screenshot of a webpage, Comet\u2019s optical character recognition (OCR) technology extracts <i>all<\/i> visible and hidden text. 
Attackers can exploit this by using steganography\u2014embedding faint, nearly invisible text within a webpage. While the human eye misses these commands, the AI doesn&#8217;t. Once extracted, the hidden instructions are passed directly to the browser\u2019s AI agent, with no filtering or validation. This allows attackers to manipulate the browser, potentially gaining unauthorized access to accounts, exfiltrating sensitive data, or even compromising corporate systems. <em>CyberPress<\/em> reports that the vulnerability, classified as CVE with a critical score of 8.6, bypasses standard web security measures such as the same-origin policy, traditionally relied on to keep websites isolated from each other.<\/p>\n<p>The implications are alarming. Users logged into sensitive accounts\u2014be it banking, email, or cloud storage\u2014could unknowingly be putting themselves at risk every time they use Comet\u2019s agentic browsing features. Brave\u2019s researchers, Artem Chaikin and Shivan Kaul Sahib, point out that similar vulnerabilities exist in other agentic browsers, such as Fellou. The common thread: AI browsers execute actions on users\u2019 behalf, blurring the boundaries between trusted user commands and untrusted web content.<\/p>\n<p>Brave responsibly disclosed the flaw to Perplexity on October 1, 2025, offering the company time to respond before the public announcement. The research spotlights a fundamental design challenge for AI browsers: how to safely distinguish between genuine user intent and potentially harmful content. Until robust safety barriers are in place, experts recommend users treat these tools with caution\u2014especially refraining from keeping sensitive sessions open or using agentic features without due diligence.<\/p>\n<h2>Referral Program: Cash Incentives and User Growth<\/h2>\n<p>While grappling with security concerns, Perplexity has launched a bold referral campaign to boost adoption of its Comet browser. 
As reported by <em>ZDNET<\/em>, users can earn $20 for every friend they refer who downloads Comet and asks a question. The referred user receives a free month of Perplexity Pro, valued at $20. The process is straightforward: after signing up, users get a custom referral link, track their invites, and, if successful, receive their payout via Dub Partners, an affiliate marketing platform. Notably, there\u2019s no hard cap on earnings, though payments are subject to a 30-day holding period. The promotion is described as \u201climited time,\u201d with no clear end date in the terms of service.<\/p>\n<p>The offer comes amid a competitive rush in AI-enabled browsing. While browsers like Chrome are integrating AI assistants (e.g., Gemini), Perplexity is betting on more integrated agentic features\u2014capable of learning user habits and interacting with third-party sites and apps. Yet, the aggressive push for growth through cash incentives raises questions: Are users being enticed into a potentially risky ecosystem before all safeguards are in place?<\/p>\n<p>Perplexity warns users not to engage in bulk invitations or spam, as abuse of the referral system could result in bans. The company\u2019s strategy is clear: build a user base rapidly, incentivize engagement, and encourage trial of its AI-centric features. For current and prospective users, the allure of quick cash may be tempting, but it\u2019s wise to weigh the security implications before diving in.<\/p>\n<h2>Reddit Lawsuit: Data Ethics Under Scrutiny<\/h2>\n<p>As if security and growth issues weren\u2019t enough, Perplexity finds itself embroiled in a legal battle with Reddit. According to <em>Mashable<\/em>, Reddit has filed a lawsuit accusing Perplexity of scraping its content without permission to train its AI models. 
The complaint lists Perplexity alongside data scraping firms such as AWMProxy, Oxylabs, and SerpApi, alleging that Perplexity either directly or indirectly accessed Reddit content via these firms.<\/p>\n<p>Reddit\u2019s case rests on a clever \u201cmarked bill\u201d strategy: it created a test post accessible only to Google\u2019s search engine, then monitored whether Perplexity\u2019s answer engine would surface its contents. Within hours, the AI produced answers containing the test post, suggesting Perplexity scraped Google\u2019s search results for Reddit data. While Reddit has signed licensing deals with some AI companies, it claims no agreement exists with Perplexity, and that previous cease-and-desist letters only resulted in increased citations by Perplexity\u2019s systems.<\/p>\n<p>Perplexity has publicly defended itself, stating to <em>The Verge<\/em> that it has not yet received the lawsuit and that it \u201cwill always fight vigorously for users\u2019 rights to freely and fairly access public knowledge.\u201d The company maintains its approach is principled and responsible, committed to providing factual answers and supporting openness. The outcome of this case could set a significant precedent for AI data usage, platform rights, and the responsibilities of AI developers in sourcing information.<\/p>\n<h2>The Challenge of Trust in AI Browsing<\/h2>\n<p>The convergence of a critical security flaw, an aggressive referral campaign, and a lawsuit over data ethics paints a complex picture for Perplexity\u2019s Comet browser. On one hand, the technology promises new levels of productivity and convenience. On the other, the risks\u2014both technical and ethical\u2014are coming into sharper focus.<\/p>\n<p>For users, the main question is one of trust. Can you rely on an AI browser to safeguard your data, respect content boundaries, and avoid exposing you to hidden threats? The answer, for now, seems to be: proceed with caution. 
While Perplexity\u2019s innovations are pushing the boundaries of what browsers can do, the company faces mounting pressure to address security vulnerabilities and clarify its ethical stance on data usage.<\/p>\n<p>Industry experts suggest several best practices for users: avoid keeping sensitive accounts logged in while using agentic features, scrutinize referral offers before sharing personal links, and stay informed about ongoing legal and technical developments. Ultimately, the promise of AI-enabled browsing will only be realized if trust can be earned\u2014not just through incentives, but through robust security and transparent data practices.<\/p>\n<p><em>Assessment: Perplexity\u2019s rapid growth strategy, innovative AI features, and current controversies highlight both the potential and the pitfalls of agentic browsers. Until meaningful safeguards and ethical clarity emerge, users should weigh convenience against risk, maintaining vigilance as the technology\u2014and its regulatory landscape\u2014continues to evolve.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Perplexity\u2019s AI-powered Comet browser is in the spotlight for a critical security vulnerability, a Reddit lawsuit over data scraping, and a bold cash referral program\u2014raising questions about user safety, ethics, and the future of AI 
browsing.<\/p>\n","protected":false},"author":1,"featured_media":17712,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"googlesitekit_rrm_CAow5Nm1DA:productID":"","footnotes":""},"categories":[24],"tags":[26206,9189,26205,26207,26209,26208],"class_list":["post-17713","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it","tag-ai-browser-vulnerability","tag-data-scraping","tag-perplexity-comet","tag-prompt-injection","tag-reddit-lawsuit","tag-referral-program"],"featured_image_url":"https:\/\/azat.tv\/en\/wp-content\/uploads\/2025\/10\/tmp_brf7k49.jpg","_links":{"self":[{"href":"https:\/\/azat.tv\/en\/wp-json\/wp\/v2\/posts\/17713","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/azat.tv\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/azat.tv\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/azat.tv\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/azat.tv\/en\/wp-json\/wp\/v2\/comments?post=17713"}],"version-history":[{"count":0,"href":"https:\/\/azat.tv\/en\/wp-json\/wp\/v2\/posts\/17713\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/azat.tv\/en\/wp-json\/wp\/v2\/media\/17712"}],"wp:attachment":[{"href":"https:\/\/azat.tv\/en\/wp-json\/wp\/v2\/media?parent=17713"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/azat.tv\/en\/wp-json\/wp\/v2\/categories?post=17713"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/azat.tv\/en\/wp-json\/wp\/v2\/tags?post=17713"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}