Perplexity this week launched Comet, an AI-native browser that integrates real-time cryptocurrency data directly from Coinbase. The tool lets users check prices, track portfolios, and execute trades without leaving the browser — but security researchers are already asking whether combining AI web navigation with live financial data creates new attack surfaces for phishing and data leakage.
What Comet does
Comet is built around Perplexity's large language model and includes a built-in sidebar that pulls live crypto pricing from Coinbase's API. Users can query the AI for market moves or ask it to execute basic trades if they're logged into their Coinbase account. The browser also offers AI-summarized news feeds and real-time alerts for price swings — all rendered inside the same window where a user might check email, bank accounts, or social media.
The security headache
The integration of real-time crypto transactions into a general-purpose browser worries some security professionals. The core concern: an AI browser with extension-level access to financial data could be exploited if the model's context window is manipulated via malicious web content. A prompt-injection attack, for instance, might trick Comet into reading a user's Coinbase balance and relaying it to a third-party server without the user noticing. Perplexity has not disclosed specific security audits for Comet's financial data handling, and the company declined to comment on whether external penetration testing was done before launch.
How Coinbase fits in
Coinbase is the sole data partner for Comet's live crypto feeds. The exchange provides API keys that Comet uses to authenticate users and fetch real-time balances and order book data. Coinbase says it vetted the integration before giving the green light, but the arrangement means Comet effectively acts as an authorized broker — raising questions about liability if a user's funds are compromised through the browser. Neither company has published a formal incident-response plan for such scenarios.
What happens next
Comet is available for download starting today on macOS and Windows. Perplexity says it plans to add support for additional exchanges in the coming months. For now, the browser operates under a standard terms-of-service that disclaims responsibility for any financial losses incurred through its crypto features. Security researchers are expected to publish detailed vulnerability assessments in the next week. Users who want to try Comet with real funds may want to wait for those reports — or at least keep their trading activity to a separate, dedicated browser.
