Cybersecurity News in Asia

Features
- Featured
  
  Editor's pick: Cybersecurity trends in 2026
  
  Wednesday, January 7, 2026, 10:36 AM Asia/Singapore | Cyberthreat Landscape, Features
- Featured
  
  Exploding identity fraud and deepfakes challenge manual oversight of autonomous AI
  
  Tuesday, December 30, 2025, 9:27 AM Asia/Singapore | Features, Newsletter
- Featured
  
  Amid rapid digitalization and lagging cybersecurity oversight, India buckles up
  
  Monday, December 22, 2025, 4:50 AM Asia/Singapore | Features
Opinions
Tips
Whitepapers
Awards 2025
Directory
E-Learning

Agentic browser exposes users to critical vulnerabilities and effortless cyberattacks

By CybersecAsia editors | Tuesday, November 25, 2025, 12:33 PM Asia/Singapore

Recent threat research is showing that emerging agentic AI browsers can unpredictably reshape and exacerbate the already-fraught cybersecurity threat landscape.

Researchers have discovered a hidden Model Context Protocol (MCP) API within the newly launched Perplexity Comet browser.

The flaw enables arbitrary local command execution — something that traditional browsers strictly prohibit. This means that if a threat actor compromises Perplexity’s website, they could use the browser’s agentic extension to run malicious code on user machines, potentially triggering notorious malware with only minor exploitation steps.

The risk extends beyond conventional credential theft: attackers can sideload spoofed extensions or use network attacks, phishing, or insider threats to gain control, making the attack vectors unprecedented in their reach.

Prompt injection: a new abuse mechanism

Separately, investigations into the new AI-driven browser have uncovered an attack technique dubbed “CometJacking”. By embedding malicious prompts within a specially crafted URL — sent via phishing, or dropped onto a web page — attackers can flip the Comet browser from helpful assistant to data theft tool:

Instead of credential harvesting, these attacks exploit the browser’s AI agent, which already has authorized access to many popular collaboration apps and services.
The malicious instructions, inserted as query parameters, allow attackers to exfiltrate sensitive personal or business data with a single click.
Simple obfuscation techniques such as Base64 encoding can be used to trick the browser into bypassing built-in protections.

Takeaway lessons on agentic AI browsers

The findings reveal that agentic AI browsers interpret and act on natural language commands, meaning attackers no longer need to use traditional malware or rely on tricking the human user directly.

The AI itself can be tricked through indirect prompt injections embedded in places such as Reddit spoiler tags. Researcher assert that there are insufficient barriers between user prompts and untrusted page content; poor alignment checks to prevent unintended operations; and inadequate confirmation steps for sensitive actions. To wit, even after Perplexity issued a fix for their browser, independent retesting have found that vulnerabilities persist

Experts warn that the entire concept of agentic browsing is reshaping the cybersecurity threat landscape. AI-native tools open novel attack vectors that bypass familiar web controls. Closed proprietary systems make it difficult for outside experts to verify security improvements or patch efficacy.

As enterprise adoption of AI browsers accelerates, organizations will need to urgently develop mechanisms to detect and neutralize malicious agent prompts — underscoring that “trust” is now the hardest problem to engineer for the next generation of browsing solutions.