jnwatson 3 days ago

This makes Perplexity look really bad. This isn't an advanced attack; this is LLM security 101. It seems like they have nobody thinking about security at all, and certainly nobody assigned to security.

Disclosure: I work on LLM security for Google.

rvz 3 days ago | parent | next

Agreed.

This is really an amateur-level attack. Even after all this VC money and 'top engineers', not even thinking about basic LLM security for an "AI" company makes me question whether their abilities are inflated, exaggerated, or both.

Maybe Perplexity 'vibe coded' the features in their browser with no standard procedure for security compliance or testing.

Shameful.

soraminazuki 3 days ago | parent

The AI industry has a solution for that. Make outlandish promises, never acknowledge fundamental weaknesses, and shift blame onto skeptics when faced with actual data. This happens in any public LLM-related discussion. Problem solved.

kfarr 3 days ago | parent

Funny, this is extremely similar to the now antiquated crypto playbook.

ec109685 3 days ago | parent | prev | next

It’s clear that if what Comet was doing was safe, Chrome would already have implemented it.

The browser is the ultimate “lethal trifecta”: https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/

Giving an LLM’s agentic loop access to the page is just as dangerous as executing user-controlled JavaScript (e.g. a script tag in a Reddit post).

fazkan 2 days ago | parent | prev

Do you guys have any blog posts or technical releases around LLM security?