Perplexity Responds to Security Vulnerability Claims - SDN

ShiftDelete.net
FOLLOW US

Perplexity Responds to Security Vulnerability Claims

Perplexity has denied the security vulnerability allegations in its Comet browser. SquareX claims the issue has been quietly fixed.

Perplexity Responds to Security Vulnerability Claims

We’re going through a period of turmoil in the cybersecurity world. Recently, cybersecurity firm SquareX accused Perplexity, an AI-based search engine, of harboring a serious security vulnerability in its Comet browser. SquareX researchers claimed that the browser contained a hidden application programming interface (API) that allowed local commands to be executed. However, Perplexity responded strongly to these claims. The company maintained that the report was completely unfounded and part of a growing problem of “fake security research.”

Serious allegation about AI browser Comet: Vulnerability or manipulation?

According to SquareX, this hidden structure in the Comet browser, known as the “MCP API,” allows embedded extensions to execute arbitrary local commands on users’ devices. This, which traditional browsers strictly prohibit for security reasons, poses a significant risk, according to the researchers. Allegedly, this API can be triggered through the Perplexity.ai page. This means that if someone hacks the Perplexity site, they could theoretically gain access to all users’ devices. SquareX researcher Kabilan Sakthivel stated that this situation disregards the security principles established by browsers like Chrome and Safari over the years.

Comet, Perplexity, güvenlik açığı, SquareX, yapay zeka

Perplexity vehemently denies these accusations. A company spokesperson, speaking to the tech press, emphasized that for the vulnerability to occur, developer mode must be enabled and the user must manually install the malware on the browser. The company states that Comet Assistant cannot perform this action on its own, requiring entirely human intervention. Perplexity also maintains that the claim that user consent is not required for local system access is “categorically false,” stating that explicit user consent is required for every command.

The dispute went beyond technical details and escalated into mutual accusations. Perplexity claimed that SquareX sent them the report as a link to a Google Doc to which they had no access and that they were not given the opportunity to review the details. In response, SquareX refused to back down, claiming that Perplexity had silently updated the browser after the allegations surfaced. The security company stated that independent researchers were able to replicate the attack before the update, but that the same operation was blocked afterward. SquareX describes this as a positive development in making the browser more secure.

With the emergence of AI-powered browsers and tools, security standards are once again being debated. This balance between traditional browser security measures and next-generation AI capabilities is critical for protecting user data. What are your thoughts on this? Do you pay attention to the browser permissions of the AI ​​tools you use, or do you stick with the default settings? Don’t forget to share your thoughts in the comments.

perplexity

SDN Comments 0 Comments

Comment

HOW TOAll

Related News

Elon Musk’s X usage by the numbers: Technology or politics?
Elon Musk’s X usage by the numbers: Technology or politics?
The Steam Machine’s price will be disappointing!
The Steam Machine’s price will be disappointing!
Perplexity Responds to Security Vulnerability Claims
Perplexity Responds to Security Vulnerability Claims
Do Galaxy Watch owners use Gemini?
Do Galaxy Watch owners use Gemini?

SDN Network

Sihirli Elma Yeşil Robot Tech Inside Pembe Teknoloji Future Flow Life

SDN.net

1250 BORREGAS AVENUE, #40, SUNNYVALE, CA
94089 ShiftDelete.Net LLC

info@shiftdelete.net

Shiftdelete.Net is a member of the Association of Internet Media and IT Reporters.

Desteklio