Comet
v1.xPerplexity AI
Perplexity's Chromium-based agentic browser. Comet Assistant runs in a sidebar with full context of open tabs and can fill forms, book travel, buy products, and manage email and calendars on the user's behalf. Launched on desktop 2025-07-09, Android 2025-11-20, and iOS 2026-03-18, with Comet Enterprise arriving March 2026. Comet is the canonical browser-agent risk surface: the 'CometJacking' prompt-injection class (2025) was demonstrated against it.
Trust Vector Analysis
Dimension Breakdown
๐Performance & Reliability+
Assessment of assistant task completion across summarization, form-filling, booking, and purchase flows from vendor documentation and independent reviews
Review of the assistant's reliability operating browser-native tools: tab context, DOM interaction, email and calendar connectors
Evaluation of multi-step agentic task orchestration across pages and services
Review of local memory, history-aware assistance, and cross-session personalization
Assessment of failure handling on dynamic sites from independent reviews; no vendor-published recovery metrics
Review of concurrent/background task support versus true multi-agent orchestration
๐ก๏ธSecurity+
Security architecture review: the assistant acts with the privileges of the logged-in browser session; Chromium process sandboxing does not contain agent actions
Review of enterprise admin controls against the consumer default of full-session agent privileges
Analysis of published prompt-injection research (Brave August 2025, LayerX CometJacking October 2025) and vendor response; patches shipped but the agentic-browser injection class remains structurally unsolved
Review of local-first storage claims against the reality that assistant tasks ship page content and connected-account data to Perplexity's cloud
Source availability assessment: open engine, closed agent stack
๐Privacy & Compliance+
Review of on-device defaults versus cloud retention of assistant interactions
Compliance documentation assessment across consumer and enterprise tiers
Data flow analysis of connected-account context routed through Perplexity's multi-model backend
Deployment options assessment: local client, cloud-only agent
๐๏ธTrust & Transparency+
Documentation completeness review against the product's risk surface
Review of visible step narration versus durable audit trails
Assessment of action explanation and citation quality
Open source assessment
Adoption, release cadence, and public engagement analysis
โ๏ธOperational Excellence+
Onboarding friction assessment for consumers switching browsers
Scalability assessment of fleet deployment and per-user agent limits
Pricing model analysis; flat subscription tiers are highly predictable
Monitoring and administration features assessment across tiers
Maturity assessment weighing funding, platform coverage, and enterprise adoption against a young and actively exploited agent security surface
- +First-mover agentic browser with full platform coverage: desktop 2025-07-09, Android 2025-11-20, iOS 2026-03-18
- +Sidebar assistant with whole-tab context handles forms, bookings, purchases, email, and calendar tasks in place
- +Free since October 2025, with flat $5/$20/$200 tiers โ no usage metering
- +Local-first data storage; personal context leaves the device only when an assistant task needs it
- +Comet Enterprise (March 2026): MDM deployment, 500+ Chromium policies, CrowdStrike Falcon integration
- +Well-funded roadmap: ~$200M raise at ~$20B valuation (June 2026) explicitly aimed at scaling Comet
- !Canonical prompt-injection target: Brave's indirect-injection findings (Aug 2025) and LayerX's CometJacking (Oct 2025) showed one click could exfiltrate connected Gmail/Calendar data
- !Perplexity initially dismissed the CometJacking reports as having no security impact before hardening
- !Assistant acts with the privileges of the user's fully authenticated browser session โ no privilege separation
- !SquareX research (Nov 2025) showed the embedded MCP API could enable device-level command execution
- !Closed-source assistant layer prevents independent audit of injection defenses
- !All agentic features require Perplexity cloud inference; no offline or self-hosted mode
- !No consumer-facing audit trail of actions the agent has taken
Use Case Ratings
research assistant
Strongest use case: Perplexity search plus tab-aware summarization, comparison, and cited answers directly in the browsing flow
content creation
Drafts emails and posts from page context well; long-form authoring is better served by dedicated tools
data analysis
Can extract and compare data across open tabs, but has no code execution or spreadsheet-grade analysis environment
education
Cited, in-page explanations make it a capable study companion; free tier keeps it accessible