Perplexity Comet: The AI Browser That Wants Your Email, Calendar, Shopping Cart, and Blind Trust

The most insulting thing about Perplexity Comet is not that it wants to be your browser. Everybody in AI wants to be your browser now. The insulting part is that Comet asks for the keys to your inbox, calendar, shopping cart, tabs, and authenticated web sessions, then still needs applause for sometimes summarizing the page you were already reading.

Perplexity's launch pitch was pure founder incense. Comet was supposed to move the web "from browsing to thinking," let you "think out loud," execute complete workflows, and become "like a second brain" for decisions online. 1 The current product page is just as modest: Comet is a "personal AI assistant" that can automate tasks, research the web, organize email, build, create, shop, and delegate everything from inbox wrangling to ordering groceries. 2

So yes, the pitch is basically: what if Chrome had a hyperactive intern living in the sidebar, and the intern was allowed to touch your email?

Comet launched in July 2025 as Perplexity's AI-powered browser, initially limited to subscribers of the $200-per-month Perplexity Max plan and a small invite group. 3 Three months later, Perplexity made the browser free worldwide and said "millions" had signed up on the waitlist. 4

That pricing whiplash is already funny. First, the future of browsing costs $200 a month. Then the future of browsing is free. Then the paid tier gets a new "background assistant" that can run multiple tasks while you go make a sandwich. 4 Apparently the sandwich is where the enterprise value lives.

The business context explains the aggression. CNBC reported in May 2025 that Perplexity was in late-stage talks to raise $500 million at a $14 billion valuation, after being valued at $9 billion in December and $3 billion in June 2024. 5 It also reported Perplexity had just under $100 million in annual recurring revenue. 5

When a company with search ambitions and VC gravity starts building a browser, it is not doing that because tabs are cute. TechCrunch quoted Perplexity CEO Aravind Srinivas saying the goal was to "develop an operating system with which you can do almost everything," and that becoming the default browser could translate to "infinite retention." 3 There it is. Not productivity. Retention. The little word every consumer product wears under the lab coat.

TechCrunch's hands-on test was generous until the browser had to do something messy. Comet Assistant was helpful for simple tasks and could answer questions about pages, social posts, YouTube videos, and even text in a Google Doc. 3 Then the test moved from "tell me about this page" to "help me actually book something," which is where the magic horse turned back into a spreadsheet with anxiety.

The reviewer asked Comet to find long-term airport parking under $15 a day with good reviews, then book a spot. The agent entered completely wrong dates, later said the desired dates were booked, and still wanted the reviewer to complete checkout anyway. 3 That is not an assistant. That is a browser-shaped raccoon wearing a lanyard.

The same review also noted the access problem: to use Calendar, the reviewer had to grant Perplexity permission to view the screen, send emails, look at contacts, and add calendar events, which made them "a little uneasy." 3 Correct. If a normal Chrome extension asked for that much control, half of Hacker News would reach for a pitchfork and the other half would write a Rust replacement.

Perplexity later published a post saying Comet Assistant would show where it is clicking, ask how the user wants it to act, and pause before sensitive actions such as logins or purchases. 6 Good. Also: that is the bare minimum when your product is literally designed to browse logged-in websites on behalf of humans.

Brave's security team found the nastier problem in August 2025. In their proof of concept, a user visited a Reddit post with hidden prompt-injection instructions, clicked Comet's "Summarize the current webpage" button, and Comet processed the hidden instructions as commands. 7 The malicious instructions told Comet to visit Perplexity account pages, extract the user's email address, go to Gmail to read an OTP, and exfiltrate both pieces of information by replying to the original Reddit comment. 7

The attack happened after the user asked for a summary. No "please steal my login code" prompt. No cinematic hacker sequence. Just a web page containing instructions the assistant should have treated as radioactive.

Brave said Perplexity acknowledged the vulnerability, shipped an initial fix, and later testing found the fix incomplete before final testing suggested the issue appeared patched; an update to the disclosure says further testing after publication showed Perplexity still had not fully mitigated the attack class described. 7 That is the part Comet marketing cannot mood-board away. An AI browser is not just a browser with a chatbot. It is a browser with an obedient action layer stapled to untrusted web content.

LayerX added a separate browser-security gut punch. It tested Comet, Genspark, Dia, Chrome, and Edge against the 100 most recent phishing attacks from OpenPhish and PhishTank. Edge blocked 54%, Chrome blocked 47%, Dia blocked 46%, and Comet blocked 7%. 9 LayerX, which sells browser security, has an obvious commercial angle here. Fine. Even with that caveat, "7%" is not a browser-security posture. It is a shrug with a download button.

The mobile app numbers look strong at a glance. Google Play lists Comet at 4.4 stars, 38.4K reviews, and more than 1 million downloads, with the Android app updated on June 18, 2026. 8 That is real adoption. The product is not vaporware.

But the review text tells the more useful story. One reviewer said Comet keeps asking to become the default browser and warned that, until tokens are free, making it the default would be annoying because users would run out too quickly. 8 Another called it "a great start but sadly incomplete," citing no password manager, no bookmark transfer, no extra plugins, and distrust of its tracking protection. 8 A third praised it, then immediately listed missing downloads, native autofill problems, inability to upload or view HTML files, and missing sync. 8

That is the Comet problem in one app-store paragraph: the AI layer wants to perform a whole TED Talk about cognition while the browser layer is still looking for the password manager.

Comet makes more sense if you stop judging it as a utility and start judging it as a distribution grab. Perplexity does not merely want to answer your questions. It wants the place where your questions begin. It wants the tabs, the page context, the authenticated sessions, the shopping intent, the email workflows, and the default-browser habit.

That is why the product feels both ambitious and prematurely invasive. A page-aware assistant is useful. A browser agent that can read your inbox, book things, shop, summarize, compare, and act across sites is strategically huge. But useful does not automatically mean safe, and strategic does not automatically mean ready.

The actual trade is simple: you give Comet more of your web life, and Comet gives you a sidebar that is very good at sounding busy. Sometimes it saves time. Sometimes it enters the wrong dates. Sometimes researchers find ways for web content to boss it around. Sometimes users open the app and discover basic browser furniture is still missing.

Comet is not trash. That would be too easy, and honestly too generous. Trash knows it is trash. Comet is more dangerous because parts of it are genuinely useful.

The sidecar assistant can reduce copy-paste drudgery. Page-aware search is convenient. Cross-tab summarization on mobile is a sensible feature. Perplexity is not wrong that the browser is an obvious place for AI assistance.

But the product Perplexity sold was not "a handy sidebar for asking questions about web pages." It sold the browser as a personal assistant that can execute workflows, make decisions, and collapse the internet into cognition. 1 That version still has a brutal catch: it wants broad trust before it has earned boring reliability.

So here is the roast verdict: Comet is an AI browser that wants to be your second brain, but its real job is becoming Perplexity's first-class distribution pipe. It asks for the kind of access you normally reserve for tools you trust with money, email, and identity. Then the evidence shows an assistant that can hallucinate bookings, trip over prompt injection, and ship as a mobile browser without enough normal browser basics.

Use it for low-stakes research if you like the sidebar. Do not hand it your whole logged-in life and call that productivity. That is not the future of browsing. That is letting a VC-backed autocomplete ferret rummage through your pockets.