Beware of the 'Comet' App: Perplexity AI's CEO Warns iPhone Users about Fake App on App Store

Comet is positioned to revolutionize the way we interact with the internet by serving as an AI "agentic" browser, a powerful tool developed by Perplexity AI. Unlike conventional browsers, Comet aims to offer more than just web navigation. It is designed to autonomously perform various tasks, ranging from filling out online forms and conducting complex searches to completing assignments and handling workflows. This suite of capabilities positions Comet as an intelligent web companion that transforms the user’s online experience by providing conversational search functionalities and ensuring source transparency, a significant step forward in AI‑assisted browsing.¹

One of Comet's most intriguing features lies in its AI‑driven capabilities, which allows it to serve as a dynamic co‑pilot for users in navigating the digital world. This innovative approach aims to differentiate Comet from traditional browsers which primarily depend on manual user input. The browser’s design is meant to foster efficiency and interactivity, integrating seamlessly into everyday digital tasks and aiding users in finding answers more rapidly. Although still in its developmental stages, the potential for Comet to redefine digital interaction is capturing significant attention from both technology enthusiasts and potential critics alike.¹

However, the journey of integrating cutting‑edge AI capabilities into everyday browsing is not without its challenges. Recently, Perplexity AI's CEO, Aravind Srinivas, issued a warning to iPhone users regarding a fraudulent app masquerading as Comet available on the Apple App Store. This fake app presents significant security risks, emphasizing the need for consumers to exercise caution and wait for official announcements before any downloads.¹

As anticipation builds for the official release of the Comet browser, concerns regarding security vulnerabilities such as "CometJacking" have surfaced. This particular vulnerability could potentially allow malicious actors to hijack the AI by embedding harmful commands within URLs. This poses threats like unauthorized data extraction including emails and calendar appointments, highlighting the critical need for robust security measures as part of Comet's deployment strategy.¹

The introduction of Comet stands at the forefront of discussions on the ethical responsibilities of deploying strong AI technologies in browsing. With its capabilities to autonomously complete tasks, the implications for areas such as educational integrity are profound. Srinivas cautions against the misuse of Comet for activities that could bypass meaningful intellectual engagement, stressing the significance of responsible usage to maintain the credibility of educational and professional environments. This highlights a pivotal moment in the evolution of AI browsers as society grapples with balancing innovation and ethical considerations.¹

The recent warnings from Perplexity AI CEO, Aravind Srinivas, about fake Comet apps on iOS have sparked significant concern among iPhone users and tech enthusiasts. According to a report by,¹ the fake app available on Apple's App Store poses a potential threat by misleading users into believing it is the official Perplexity product. This issue arises amidst the anticipation for the official launch of Comet, an AI‑powered browser designed to enhance web browsing with innovative artificial intelligence capabilities.

Srinivas's warning is timely, given the vulnerabilities identified in AI browsers, specifically the catastrophe referred to as "CometJacking." Independent audits, like those conducted by LayerX, have demonstrated how a malicious URL can hijack the fake app's AI to clandestinely expose sensitive user data without needing usernames or passwords. This concern is compounded by other identified weaknesses such as prompt injection attacks that could allow covert installations of malicious software or unauthorized data access.

Users are advised to exercise discernment and rely only on verified sources for downloading the Comet browser once it is officially released. In the interim, professionals like security experts and tech‑savvy users on platforms such as Reddit and Hacker News are sharing insights and discussing preventive measures to protect against these vulnerabilities. The broader tech community is urged to engage in vigilance and report suspicious apps to prevent exposure to potential scams and security breaches.

Recent revelations surrounding the Comet browser have brought to light critical security vulnerabilities that have raised significant concerns among users and security experts alike. The most alarming issue is the identification of a major security flaw known as 'CometJacking.' This vulnerability allows attackers to hijack the browser's AI assistant by embedding malicious commands in URLs. Such an exploit can enable unauthorized data access, allowing perpetrators to steal sensitive information like emails and calendar details without requiring user credentials. This flaw underscores the potential risks of advanced AI integration within browsers and highlights the urgent need for enhanced security measures.

Independent security audits conducted by well‑regarded firms such as Brave and LayerX have further exposed Comet's vulnerabilities. These audits revealed that the AI component of Comet struggles to differentiate between legitimate and malicious commands, making it susceptible to prompt injection attacks. Such attacks could lead to unauthorized execution of commands, facilitating fraudulent purchases and approving phishing links. This susceptibility has attracted attention to the broader implications of AI in browsers and the security architecture needed to eliminate such risk factors.

Aravind Srinivas, the CEO of Perplexity AI, has publicly advised against downloading the current Comet app available on Apple's App Store, emphasizing that it is not the official product of Perplexity AI. He warned that the fake app poses significant security risks and urged users to wait for the authorized release. This warning highlights the importance of users verifying the authenticity of applications before installation to protect against data breaches and other cyber threats.

The findings of these vulnerabilities cast a shadow on the anticipated release of Perplexity's official Comet AI‑powered browser. While it promises to revolutionize the browsing experience by enabling autonomous task completion and enhanced user interaction, these benefits must be balanced with rigorous security protocols to safeguard user information. The revelation of such vulnerabilities at an early stage underscores the importance of comprehensive testing and security feature integration before official market introduction.

In response to the potential threats posed by these security flaws, experts call for a reevaluation of the current security protocols in AI‑powered browsers. There is an increasing demand for implementing robust sandboxing techniques and enhancing user confirmation dialogs to mitigate risks associated with AI assistants having widespread access to personal data. The "CometJacking" vulnerability exemplifies the need for advanced security measures to protect users from covert data extraction and phishing exploits perpetrated through seemingly benign AI browser operations.

In recent times, the emergence of CometJacking as a significant threat has raised alarms among cybersecurity experts and tech enthusiasts alike. CometJacking represents a novel type of attack that specifically targets AI‑powered browsers, potentially compromising user data. According to security findings, this vulnerability allows hackers to hijack the AI functionalities embedded within browsers like Comet, by embedding malicious commands into URLs. Once accessed, these commands can instruct the browser to execute unauthorized tasks, such as exfiltrating sensitive information like emails and calendar entries, without the user's knowledge or explicit consent.

What sets CometJacking apart from conventional cyber threats is the stealth and efficiency with which it operates. Traditional phishing attacks typically require users to be tricked into divulging their passwords or other credentials. However, CometJacking bypasses such requirements by exploiting the AI’s intrinsic access to integrated services. This means that sensitive information can be harvested without raising any suspicions or requiring direct user interaction beyond a simple click on a compromised link. The implication that the AI itself can be misused to execute harmful operations underscores a monumental shift in how security threats are perceived and addressed in the realm of AI technologies.

The discovery of CometJacking has sparked a broader discussion on the security architecture of AI browsers. Notably, audits by LayerX and other cybersecurity firms highlight the urgent need for more stringent security measures. Discussions revolve around sandboxing AI functionalities and setting stricter parameter controls to ensure that autonomous operations within the browser are constantly monitored and verified. This is crucial to preventing unauthorized manipulations and potential exploitation by malicious actors. These audits also recommend the implementation of robust authentication mechanisms to validate genuine user commands, thus safeguarding personal and organizational data against emerging threats like CometJacking.

The debate over the ethical use of AI in education, such as that prompted by Comet's features, is ongoing and complex. Although some argue that these technologies assist in providing efficient solutions to educational hurdles, there is a critical balance to strike. It is vital for educational ethics to evolve, taking into account the pervasive nature of AI solutions. This sentiment was highlighted in reactions to Comet, where stakeholders urge caution and responsibility in leveraging AI technologies, emphasizing that their application should complement educational goals, nurturing intellectual growth rather than replacing it.

Furthermore, the call for caution extended by ¹ includes a significant warning about the misuse of Comet for tasks like academic cheating, turning a spotlight on the broader ethical obligations of developers. Developers are urged to integrate safeguards and transparency in their products to prevent misuse. With AI’s rapid advancement, developers and educators must collaboratively navigate the thin line between technological innovation and ethical accountability, ensuring that AI’s addition to educational tools supports honest and responsible use guidelines.

The public reaction to the news surrounding Perplexity AI's Comet browser has been notably intense and varied, reflecting a mix of skepticism, alarm, frustration, and enthusiasm. One of the most significant areas of concern is the security vulnerabilities associated with the browser. According to reports, the discovery of "CometJacking" and prompt injection attacks has sparked alarm within security communities. These vulnerabilities have been compared to historic browser zero‑days but are considered more concerning due to the AI’s unsupervised autonomy. There are calls within forums for improved user confirmation dialogs and robust sandboxing to better manage AI assistants' access to personal data.

The announcement about fake iOS apps purporting to be the Comet browser has also spurred significant user frustration. Many iPhone users and tech influencers place some blame on Apple for allowing such apps on their platform, while others criticize Perplexity for not being more proactive in safeguarding their brand. This sentiment was highlighted by the CEO's warning, as detailed in,¹ which urged users to wait for the official version of Comet due to potential security risks and misinformation propagated by these fake apps.

Furthermore, the ethical implications of Comet's advanced AI capabilities have been a hot topic among educators and students alike. There is an ongoing debate regarding whether AI tools like Comet threaten the integrity of academic work. As discussed in various educational forums, there are concerns that autonomous completion of assignments and tasks by AI browsers could undermine traditional educational values and lead to an increase in academic dishonesty. Some educators are calling for a reevaluation of how AI is utilized in academic settings, while students are advocating for the adaptation of educational methods to better align with technological advancements. This discussion is crucial as the Comet browser touts features that could significantly alter how academic work is approached and assessed.

The future implications of AI browsing technology, such as that exemplified by Perplexity AI's Comet browser, are far‑reaching and multifaceted. Economically, the integration of AI into web browsers could revolutionize the industry by drastically improving productivity and user interaction. AI‑native browsers offer the potential to automate routine tasks, making web navigation more intuitive and efficient. This evolution could disrupt the dominance of traditional browsers like Safari, Chrome, and Edge, instigating a competitive shift within the web services market. However, these technological advancements come with significant challenges, particularly relating to security vulnerabilities like the notorious "CometJacking" and prompt injection attacks, which have the potential to undermine user trust due to stealthy data exfiltration risks.¹

Socially, AI‑powered browsing introduces concerning ethical questions. The ability of tools like Comet to autonomously perform complex tasks raises issues of academic integrity and the erosion of independent thinking. Educational institutions may face significant challenges in curbing misuse, prompting discussions around reforming traditional assessment methodologies.¹ Furthermore, the conversations around privacy are amplified when considering AI's extensive data access capabilities—a reality that may spark significant public backlash if not addressed with stringent privacy controls and transparent data handling practices.

Politically, the rise of AI browsers necessitates a reevaluation of existing cybersecurity and data protection legislation. Current frameworks might be insufficient to tackle the complexity of AI‑specific risks, requiring updates to incorporate rigorous security audits and certifications before such technologies are publicly deployed. The prevalence of "CometJacking," for instance, illustrates the kind of sophisticated new threat vectors emerging from AI‑augmented applications, catalyzing debates around necessary policy reforms ¹ as these technologies become more prevalent.

Experts forecast a future where AI‑enhanced browsers not only improve navigational ease and boost productivity but also pose unprecedented security challenges that necessitate new defense strategies. The autonomous capabilities of such AI browsers highlight the potential for misuse if protective measures do not evolve in parallel. This dynamic suggests an impending 'arms race' in the cybersecurity realm, where defensive innovations must quickly adapt to keep pace with the advancing threat landscape presented by AI applications.¹