Trail of Bits conducted an adversarial audit of Perplexity's Comet browser, discovering prompt injection vulnerabilities that allowed the exfiltration of private user data, such as Gmail emails. By leveraging techniques like fake system instructions, fake security mechanisms, and user impersonation, attackers could manipulate the AI assistant into accessing authenticated sessions and transmitting sensitive information to external servers via URL parameters.