Evaluation record ยท perplexity-comet

Comet

v1.x

Perplexity AI

Agentagentic-browserconsumerprompt-injection-riskproprietary
63
Adequate
About This Agent

Perplexity's Chromium-based agentic browser. Comet Assistant runs in a sidebar with full context of open tabs and can fill forms, book travel, buy products, and manage email and calendars on the user's behalf. Launched on desktop 2025-07-09, Android 2025-11-20, and iOS 2026-03-18, with Comet Enterprise arriving March 2026. Comet is the canonical browser-agent risk surface: the 'CometJacking' prompt-injection class (2025) was demonstrated against it.

Last Evaluated: July 9, 2026
Official Website

Trust Vector Analysis

Dimension Breakdown

๐Ÿš€Performance & Reliability
+
task completion accuracy

Assessment of assistant task completion across summarization, form-filling, booking, and purchase flows from vendor documentation and independent reviews

Evidence
Wikipedia - Comet (browser) โ€” Assistant handles summarization, email drafting, and product purchases directly from the browsing context; agentic completion degrades on complex multi-page checkout and booking flows
mediumVerified: 2026-07-09
tool use reliability

Review of the assistant's reliability operating browser-native tools: tab context, DOM interaction, email and calendar connectors

Evidence
Seraphic Security - Perplexity Comet Browser Key Features โ€” Comet Assistant reliably interacts with web content, tabs, email, and calendars as its native tool surface inside the Chromium engine
mediumVerified: 2026-07-09
multi step planning

Evaluation of multi-step agentic task orchestration across pages and services

Evidence
Perplexity Blog - Comet Enterprise is here โ€” Comet Assistant performs autonomous multi-step tasks like booking flights, managing email, and filling forms for enterprise users
mediumVerified: 2026-07-09
memory persistence

Review of local memory, history-aware assistance, and cross-session personalization

Evidence
Comet Data Privacy & Security FAQs โ€” Browsing data, history, and assistant memory are stored on-device by default and persist across sessions; personal context is sent to Perplexity only when a personal search requires it
mediumVerified: 2026-07-09
error recovery

Assessment of failure handling on dynamic sites from independent reviews; no vendor-published recovery metrics

Evidence
Wikipedia - Comet (browser) โ€” Assistant retries and asks the user for guidance when page automation fails, but independent reviews report stalls and abandoned tasks on dynamic or login-gated sites
lowVerified: 2026-07-09
agent collaboration

Review of concurrent/background task support versus true multi-agent orchestration

Evidence
Perplexity Changelog - Comet iOS Launch and Computer Updates โ€” Single sidebar assistant per browsing context; background task execution exists but there is no user-facing multi-agent composition or delegation
lowVerified: 2026-07-09
๐Ÿ›ก๏ธSecurity
+
tool sandboxing

Security architecture review: the assistant acts with the privileges of the logged-in browser session; Chromium process sandboxing does not contain agent actions

Evidence
Help Net Security - Comet browser exposed users to system-level attacks โ€” SquareX found Comet's embedded MCP API could allow perplexity.ai-privileged code to execute commands on the user's device; the agent itself operates inside the user's fully authenticated browser session rather than an isolated sandbox
mediumVerified: 2026-07-09
access control

Review of enterprise admin controls against the consumer default of full-session agent privileges

Evidence
Perplexity Blog - Comet Enterprise is here โ€” Comet Enterprise (March 2026) adds central admin dashboard, 500+ Chromium policies, MDM deployment, and CrowdStrike Falcon integration; consumer Comet has per-connector permissions but the assistant otherwise inherits full session access
mediumVerified: 2026-07-09
prompt injection defense

Analysis of published prompt-injection research (Brave August 2025, LayerX CometJacking October 2025) and vendor response; patches shipped but the agentic-browser injection class remains structurally unsolved

Evidence
LayerX - CometJacking: How One Click Can Turn Perplexity's Comet AI Browser Against You โ€” CometJacking: malicious instructions in a URL's collection parameter steer the assistant to read connected Gmail/Calendar data and exfiltrate it base64-encoded; Perplexity initially rejected the August 2025 reports as having no security impact
Brave - Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet โ€” Brave showed Comet fed webpage content to its LLM without distinguishing user instructions from untrusted page content, allowing indirect prompt injection (e.g., hidden Reddit comment instructions) to drive cross-site actions on the user's accounts
highVerified: 2026-07-09
data isolation

Review of local-first storage claims against the reality that assistant tasks ship page content and connected-account data to Perplexity's cloud

Evidence
Comet Browser Help Center - Browsing Privacy & Safety โ€” Browsing data stored on-device by default; personal data is sent to Perplexity servers only when the user initiates an assistant task that requires page or account context
mediumVerified: 2026-07-09
open source transparency

Source availability assessment: open engine, closed agent stack

Evidence
Wikipedia - Comet (browser) โ€” Built on open-source Chromium/Blink, but the Comet assistant layer, agent harness, and Perplexity backend are proprietary and unauditable
highVerified: 2026-07-09
๐Ÿ”’Privacy & Compliance
+
data retention

Review of on-device defaults versus cloud retention of assistant interactions

Evidence
Comet Data Privacy & Security FAQs โ€” Local-first storage with user-controllable history; assistant queries and page context sent to Perplexity are governed by its consumer privacy policy, with opt-out of training retention
mediumVerified: 2026-07-09
gdpr compliance

Compliance documentation assessment across consumer and enterprise tiers

Evidence
Perplexity Blog - Comet Enterprise is here โ€” Enterprise tier ships with admin governance, SSO, and enterprise data-handling terms building on Perplexity Enterprise's SOC 2 posture; consumer tier relies on standard privacy policy with fewer guarantees
lowVerified: 2026-07-09
third party data sharing

Data flow analysis of connected-account context routed through Perplexity's multi-model backend

Evidence
Seraphic Security - Perplexity Comet Browser Key Features โ€” Assistant tasks route page content and connected Gmail/Calendar data through Perplexity, which itself orchestrates multiple frontier model backends, widening the data-processing surface
mediumVerified: 2026-07-09
local deployment option

Deployment options assessment: local client, cloud-only agent

Evidence
Comet Browser Help Center - Browsing Privacy & Safety โ€” Browser and its data live locally, but every assistant/agentic feature requires Perplexity cloud inference; there is no offline or self-hosted assistant mode
highVerified: 2026-07-09
๐Ÿ‘๏ธTrust & Transparency
+
documentation quality

Documentation completeness review against the product's risk surface

Evidence
Comet Browser Help Center โ€” Help center, privacy/security FAQs, and changelog cover features and data handling; threat-model and injection-hardening documentation is thin relative to the attack surface
mediumVerified: 2026-07-09
execution traceability

Review of visible step narration versus durable audit trails

Evidence
Perplexity Changelog - Comet iOS Launch and Computer Updates โ€” Assistant narrates steps in the sidebar and shows page actions as they happen; there is no exportable audit log of agent actions for consumers
mediumVerified: 2026-07-09
decision explainability

Assessment of action explanation and citation quality

Evidence
Seraphic Security - Perplexity Comet Browser Key Features โ€” Assistant explains intended actions conversationally with citations for research answers, but model routing and action-selection internals are opaque
lowVerified: 2026-07-09
open source code

Open source assessment

Evidence
Wikipedia - Comet (browser) โ€” Chromium base is open source; the Comet assistant, agent harness, and connectors are closed
highVerified: 2026-07-09
community activity

Adoption, release cadence, and public engagement analysis

Evidence
TechTimes - Perplexity Raises $200 Million for Comet โ€” ~3 million monthly active users by Q1 2026, top-3 iOS App Store ranking at the March 2026 launch, and rapid release cadence across four platforms
highVerified: 2026-07-09
โš™๏ธOperational Excellence
+
ease of integration

Onboarding friction assessment for consumers switching browsers

Evidence
Wikipedia - Comet (browser) โ€” Standard Chromium browser: imports bookmarks, passwords, and extensions; free download since October 2025 on Windows, macOS, Android (2025-11-20), and iOS (2026-03-18)
highVerified: 2026-07-09
scalability

Scalability assessment of fleet deployment and per-user agent limits

Evidence
Perplexity Blog - Comet Enterprise is here โ€” Silent MDM installers deploy Comet across thousands of managed macOS/Windows devices; assistant throughput is bounded by per-user Perplexity plan limits
mediumVerified: 2026-07-09
cost predictability

Pricing model analysis; flat subscription tiers are highly predictable

Evidence
TechTimes - Perplexity Raises $200 Million for Comet โ€” Comet free worldwide since 2025-10-02; Comet Plus $5/mo (80% publisher revenue share), Perplexity Pro $20/mo and Max $200/mo unlock heavier assistant usage โ€” flat tiers with no usage metering
highVerified: 2026-07-09
monitoring capabilities

Monitoring and administration features assessment across tiers

Evidence
Perplexity Blog - Comet Enterprise is here โ€” Enterprise dashboard provides rollout and policy management plus CrowdStrike Falcon telemetry; consumer edition has no agent-action monitoring or audit tooling
mediumVerified: 2026-07-09
production readiness

Maturity assessment weighing funding, platform coverage, and enterprise adoption against a young and actively exploited agent security surface

Evidence
TechTimes - Perplexity Raises $200 Million for Comet โ€” Perplexity raised ~$200M at a ~$20B valuation (finalized June 2026) largely to scale Comet; all-platform availability and enterprise tier signal maturity, while the 2025 injection research record signals an evolving security posture
mediumVerified: 2026-07-09
Strengths
  • +First-mover agentic browser with full platform coverage: desktop 2025-07-09, Android 2025-11-20, iOS 2026-03-18
  • +Sidebar assistant with whole-tab context handles forms, bookings, purchases, email, and calendar tasks in place
  • +Free since October 2025, with flat $5/$20/$200 tiers โ€” no usage metering
  • +Local-first data storage; personal context leaves the device only when an assistant task needs it
  • +Comet Enterprise (March 2026): MDM deployment, 500+ Chromium policies, CrowdStrike Falcon integration
  • +Well-funded roadmap: ~$200M raise at ~$20B valuation (June 2026) explicitly aimed at scaling Comet
Limitations
  • !Canonical prompt-injection target: Brave's indirect-injection findings (Aug 2025) and LayerX's CometJacking (Oct 2025) showed one click could exfiltrate connected Gmail/Calendar data
  • !Perplexity initially dismissed the CometJacking reports as having no security impact before hardening
  • !Assistant acts with the privileges of the user's fully authenticated browser session โ€” no privilege separation
  • !SquareX research (Nov 2025) showed the embedded MCP API could enable device-level command execution
  • !Closed-source assistant layer prevents independent audit of injection defenses
  • !All agentic features require Perplexity cloud inference; no offline or self-hosted mode
  • !No consumer-facing audit trail of actions the agent has taken
Metadata
license: Proprietary (Chromium base is open source)
supported models
0: Perplexity Sonar
1: Frontier models via Perplexity backend (GPT, Claude, Gemini routing)
architecture: Chromium/Blink browser with cloud-backed sidebar agent (Comet Assistant) holding tab context and account connectors
deployment type: Local browser (Windows, macOS, Android, iOS) with cloud agent inference; enterprise MDM deployment
tool support
0: Tab and page context
1: Form filling and web actions
2: Email and calendar connectors (Gmail/Google Calendar)
3: Shopping and booking flows
4: Background tasks
first release: 2025-07-09 (Windows/macOS, Max subscribers); free 2025-10-02; Android 2025-11-20; iOS 2026-03-18; Enterprise 2026-03-17
pricing: Free; Comet Plus $5/mo; Perplexity Pro $20/mo; Max $200/mo; Enterprise per-seat
company: Perplexity AI (~$200M raised at ~$20B valuation, finalized June 2026; ~3M Comet MAU by Q1 2026)

Use Case Ratings

research assistant

Strongest use case: Perplexity search plus tab-aware summarization, comparison, and cited answers directly in the browsing flow

content creation

Drafts emails and posts from page context well; long-form authoring is better served by dedicated tools

data analysis

Can extract and compare data across open tabs, but has no code execution or spreadsheet-grade analysis environment

education

Cited, in-page explanations make it a capable study companion; free tier keeps it accessible