Can a Calendar Invite Steal Your Data in Perplexity Comet Browser?

Is Perplexity Comet Browser Safe If a Simple Invite Can Leak Private Files?

Perplexity Comet browser had a serious security risk. In one reported case, a simple calendar invite could lead to data theft.

This matters because a browser should protect private files. It should not let outside content reach a user’s computer data without clear permission.

Reports said attackers could send a calendar invite with hidden instructions. If the user opened that invite in Comet, the browser’s AI features could be pushed into reading local files. That means private data on the device could be exposed.

This issue was tied to weak limits on file access. Security researchers said the browser could reach file:// URLs. That scheme points to files stored on a local device. In a safe setup, websites and scripts should face strict barriers when they try to cross from web content to local files. Those barriers help stop silent data access.

Researchers also said the browser did not fully enforce normal cross-origin safety rules. These rules are a core part of web security. They help stop one page from reaching data that belongs to another source. If those controls are loose, an attacker may find a path to sensitive data.

What researchers found

  • Zenity Labs reported earlier concerns about Comet’s security design.
  • One issue involved weak limits on the AI agent’s access to the local file system.
  • Another issue involved browser behavior that did not fully follow standard web isolation rules.
  • A crafted calendar invite could be used as an attack path.
  • The user may not get a clear warning before private data is accessed.

Why this is serious

  • Local files can contain passwords, notes, saved documents, tokens, or work data.
  • Calendar invites look normal, so users may trust them.
  • AI browser features can widen risk if they act on hidden instructions.
  • Silent access is dangerous because users may not know anything went wrong.

Think of the browser like a front desk at an office.

A safe front desk checks every visitor and blocks access to private rooms. In this case, the concern was that a normal-looking calendar invite could act like a fake visitor badge. If the checks were weak, it could guide the AI system into places it should never enter.

Practical takeaway

If a browser includes AI agents with deep system access, it needs tight controls:

  • Limit access to local files by default.
  • Enforce strong origin and permission rules.
  • Show clear warnings before sensitive actions.
  • Treat calendar content, email content, and web content as untrusted input.
  • Audit agent behavior often with outside security testing.
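
The following added example is not Comet's code and does not come from the researchers' report. It shows one way the controls above could be combined into a single check that runs before an AI agent loads a URL. The function name, the request fields and the source labels are assumptions made for illustration, and the sample URLs are constructed.

```javascript
// Added example: hypothetical navigation gate for an AI browser agent.
// authorizeAgentNavigation and the source labels are illustrative names.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
const UNTRUSTED_SOURCES = new Set(["calendar", "email", "web"]);

function authorizeAgentNavigation({ url, taskOrigin, contextSources = [], userConfirmed = false }) {
  let target, origin;
  try {
    target = new URL(url); // WHATWG parsing lowercases the scheme and trims whitespace
    origin = new URL(taskOrigin).origin;
  } catch {
    return { allow: false, reason: "unparseable-url" };
  }
  // Default deny: file:, view-source:, data: and anything else not allowlisted.
  if (!ALLOWED_SCHEMES.has(target.protocol)) {
    return { allow: false, reason: "scheme-blocked:" + target.protocol };
  }
  const tainted = contextSources.some((s) => UNTRUSTED_SOURCES.has(s));
  // Untrusted content in context must not steer the agent cross-origin silently.
  if (tainted && target.origin !== origin && !userConfirmed) {
    return { allow: false, reason: "needs-user-confirmation" };
  }
  return { allow: true, reason: "ok" };
}

// Constructed sample requests; the agent is summarising a calendar invite.
const base = { taskOrigin: "https://calendar.example", contextSources: ["calendar"] };
const samples = [
  "https://calendar.example/event/1",
  "FILE:///Users/example/notes.txt",
  "view-source:file:///Users/example/notes.txt",
  "https://other.example/page",
  "not a url",
];
for (const url of samples) {
  console.log(url, "->", authorizeAgentNavigation({ ...base, url }).reason);
}
```

The gate uses an allowlist of schemes instead of a blocklist, so wrapped or oddly cased forms of file:// are refused without needing a rule for each variant.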

The core problem was simple: a normal-looking calendar invite could trigger unsafe browser behavior and expose local data. For any AI browser, convenience must never come before basic security controls.