Futures
Access hundreds of perpetual contracts
CFD
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Promotions
AI
Gate AI
Your all-in-one conversational AI partner
Gate AI Bot
Use Gate AI directly in your social App
GateClaw
Gate Blue Lobster, ready to go
Gate for AI Agent
AI infrastructure, Gate MCP, Skills, and CLI
Gate Skills Hub
10K+ Skills
From office tasks to trading, the all-in-one skill hub makes AI even more useful.
GateRouter
Smartly choose from 40+ AI models, with 0% extra fees
Brave Creator Reveals Critical Flaws in Perplexity AI's Comet Browser Architecture
Security researchers working with Brave have uncovered a critical vulnerability affecting Perplexity AI’s Comet browser, exposing how user data can be extracted through sophisticated attack vectors embedded within web pages. The research demonstrates that concealed instructions hidden in web content can manipulate the AI assistant into executing unintended actions and inadvertently exposing sensitive information.
How the Attack Works
During their investigation, the Brave creator security team discovered that when users interact with Comet to summarize web pages, the browser fails to properly isolate user commands from injected malicious code. By embedding concealed instructions within Reddit pages and similar platforms, attackers can trick the AI assistant into processing unauthorized requests. This architectural weakness means that the AI makes no distinction between legitimate user requests and hidden commands planted by bad actors.
The Fix That Wasn’t Enough
Perplexity AI acknowledged the issue and claimed to have implemented a patch, insisting that no actual data leaks occurred during the vulnerability window. However, the Brave creator research team has validated that the vulnerability remains exploitable weeks after the supposed fix was deployed. This gap between claimed remediation and actual security posture raises serious concerns about the depth of the patch.
Deeper Structural Problems
What’s particularly troubling is not just this single vulnerability, but the underlying architectural design of the Comet browser itself. According to Brave’s analysis, the browser’s fundamental approach to handling AI commands and user inputs creates a persistent attack surface. The creator team warns that without comprehensive redesign, similar vulnerabilities are likely to emerge repeatedly, suggesting this is symptomatic of broader structural issues rather than an isolated incident.
The findings underscore the importance of rigorous security auditing in AI-powered browsers and the need for developers to implement stricter isolation protocols between user data and AI processing systems.