Perplexity Comet Exposes Local Files And 1Password

Zenity Labs security researchers found in October 2025 that Perplexity’s Comet AI browser allowed unprotected access to users’ local file systems and could be induced—via calendar-event prompt injections—to open local files and hijack unlocked 1Password extensions. Zenity disclosed the issues on October 22, 2025; Perplexity issued fixes on January 23, 2026 and a second patch on February 13, 2026, highlighting AI-browser guardrail gaps.