- SquareX accused Perplexity’s Comet browser of exposing a hidden MCP API that might allow native command execution
- Perplexity rejected the claims as “solely false,” stressing the API requires developer mode, consumer consent, and guide sideloading
- SquareX countered, saying Comet was silently up to date after its proof‑of‑idea, and that exterior researchers replicated the assault
Cybersecurity firm SquareX not too long ago accused Perplexity of maintaining a serious vulnerability in its AI browser, Comet – the latter has now responded, saying the analysis report is “solely false” and a part of a rising “pretend safety analysis” drawback.
SquareX had stated it discovered a hidden API within the Comet browser, able to executing native instructions. That API, named MCP API, permits its embedded extensions to execute arbitrary native instructions on customers’ units, capabilities that conventional browsers explicitly prohibit.
SquareX stated it discovered the API within the Agentic extension, which will be triggered by the perplexity.ai web page, which means that ought to anybody break into the Perplexity web site, they may have entry to units of all of its customers.
Perplexity’s response
For Kabilan Sakthivel, Researcher at SquareX, not adhering to strict safety controls the trade advanced to, “reverses the clock on a long time of browser safety rules established by distributors like Chrome, Safari and Firefox.”
However Perplexity begs to vary, noting in a written response despatched to TechRadar Professional by spokesperson Jesse Dwyer that the report is “solely false”.
The corporate added the vulnerability requires a human to do the work, not the Comet Assistant, and it requires the developer mode to be turned on.
“To duplicate this, the human consumer should activate developer mode and manually sideload malware into Comet,” it stated.
Perplexity additionally stated that Comet not explicitly acquiring consumer consent for any native system entry is “categorically false”.
“When putting in native MCPs we require consumer consent–users are those setting it up and calling the MCP API. They specify precisely what command to run,” Dwyer wrote. “Any further command from the MCP (ex. AI device calling) additionally requires consumer affirmation.”
Moreover, Perplexity says that what SquareX describes as a “hidden API” is in actual fact “merely how Comet can run MCPs domestically”, with permission and consumer consent first obtained.
“That is SquareX’s second time presenting false safety analysis. The primary one we additionally proved was false,” he burdened.
Dwyer additionally claims SquareX didn’t submit a report because it claims. “As a substitute, they despatched a hyperlink to a Google doc, with no context, and no entry. We knowledgeable them we have been unable to open the Google docs, requested entry to the google docs, and by no means heard a reply nor have been granted entry to the docs.”
SquareX additionally fires again
However SquareX isn’t backing down, both.
The corporate additionally stated it noticed Perplexity making a “silent replace” to Comet, wherein the identical POC will now return “Native MCP is just not enabled”.
It claims to have had three exterior researchers replicate the assault, and that Perplexity fastened it a number of hours in the past.
“This is good news from a safety perspective and we’re glad that our analysis might contribute to creating the AI Browser safer,” SquareX concluded, including that it didn’t hear again from Plerplexity on its VDP submission.
The most effective antivirus for all budgets
Observe TechRadar on Google Information and add us as a most well-liked supply to get our knowledgeable information, evaluations, and opinion in your feeds. Be sure that to click on the Observe button!
And naturally you may also observe TechRadar on TikTok for information, evaluations, unboxings in video kind, and get common updates from us on WhatsApp too.
