- SquareX accused Perplexity’s Comet browser of exposing a hidden MCP API that might allow native command execution
- Perplexity rejected the claims as “totally false,” stressing the API requires developer mode, consumer consent, and guide sideloading
- SquareX countered, saying Comet was silently up to date after its proof‑of‑idea, and that exterior researchers replicated the assault
Cybersecurity firm SquareX lately accused Perplexity of protecting a significant vulnerability in its AI browser, Comet – the latter has now responded, saying the analysis report is “totally false” and a part of a rising “faux safety analysis” drawback.
SquareX had stated it discovered a hidden API within the Comet browser, able to executing native instructions. That API, named MCP API, permits its embedded extensions to execute arbitrary native instructions on customers’ gadgets, capabilities that conventional browsers explicitly prohibit.
SquareX stated it discovered the API within the Agentic extension, which might be triggered by the perplexity.ai web page, which means that ought to anybody break into the Perplexity website, they are going to have entry to gadgets of all of its customers.
Perplexity’s response
For Kabilan Sakthivel, Researcher at SquareX, not adhering to strict safety controls the trade developed to, “reverses the clock on many years of browser safety rules established by distributors like Chrome, Safari and Firefox.”
However Perplexity begs to vary, noting in a written response despatched to TechRadar Professional by spokesperson Jesse Dwyer that the report is “totally false”.
The corporate added the vulnerability requires a human to do the work, not the Comet Assistant, and it requires the developer mode to be turned on.
“To duplicate this, the human consumer should activate developer mode and manually sideload malware into Comet,” it stated.
Perplexity additionally stated that Comet not explicitly acquiring consumer consent for any native system entry is “categorically false”.
“When putting in native MCPs we require consumer consent–users are those setting it up and calling the MCP API. They specify precisely what command to run,” Dwyer wrote. “Any extra command from the MCP (ex. AI software calling) additionally requires consumer affirmation.”
Moreover, Perplexity says that what SquareX describes as a “hidden API” is in actual fact “merely how Comet can run MCPs domestically”, with permission and consumer consent first obtained.
“That is SquareX’s second time presenting false safety analysis. The primary one we additionally proved was false,” he pressured.
Dwyer additionally claims SquareX didn’t submit a report because it claims. “As an alternative, they despatched a hyperlink to a Google doc, with no context, and no entry. We knowledgeable them we had been unable to open the Google docs, requested entry to the google docs, and by no means heard a reply nor had been granted entry to the docs.”
SquareX additionally fires again
However SquareX isn’t backing down, both.
The corporate additionally stated it noticed Perplexity making a “silent replace” to Comet, during which the identical POC will now return “Native MCP just isn’t enabled”.
It claims to have had three exterior researchers replicate the assault, and that Perplexity fastened it just a few hours in the past.
“This is good news from a safety perspective and we’re glad that our analysis may contribute to creating the AI Browser safer,” SquareX concluded, including that it didn’t hear again from Plerplexity on its VDP submission.
The very best antivirus for all budgets
Comply with TechRadar on Google Information and add us as a most popular supply to get our skilled information, critiques, and opinion in your feeds. Ensure to click on the Comply with button!
And naturally you can even observe TechRadar on TikTok for information, critiques, unboxings in video type, and get common updates from us on WhatsApp too.
