This browser was recently launched and is called Comet AI Browser. Currently, the official promotion allows users to get 1 month of Perplexity Pro for free through a referral link(No credit card required):
https://pplx.ai/hellohua34509
Steps to claim the free month:
Download Comet and log in to your account.
Use Comet and ask at least one question.
You’ll receive 1 month of Perplexity Pro for free.
This is the only way to get the free Pro plan. If you don’t use a referral link, you’ll need to pay $20/month to upgrade to Pro.
The promotion is a limited-time offer, and the official site hasn’t announced when it will end — it might end at any time.
Prompt injection just for fun
Imagine having your very own AI agent! Your robot pal who goes out and does useful things for you! Just ask, it’s on the case!
This exploit was discovered by two security guys at the Brave web browser. They put a comment on a post on Reddit with the prompt injection in it. Then they asked Comet to summarise the Reddit web page. [Brave, archive]
Comet then went to their test user’s Perplexity AI login page and grabbed the user’s email address. Perplexity sent back a verification email for that address to login — then Comet read the verification email.
Of course it can read your GMail.
Finally, Comet posted a new comment to Reddit containing the verification email and the login code — and that’s enough for the attacker to take over the test user’s Perplexity account. Then Comet errored out and said it couldn’t summarise the web page.
All the user had to do for all of this to happen was go to a web page and ask Comet to summarise it.
courtesy of David Gerard