We recently found, responsibly disclosed and wrote about an indirect prompt injection attack in Perplexity’s Comet browser. The attack exploits agent-controlled browsing in Comet. You can read more on the Brave blog.

Our attack generated a lot of discussion and press: