Comet AI Browser Review: Fast, Focused, and Flawed

I tested Comet in late 2025 and recommended it for creative work alongside Brave for sensitive tasks. Six months later, I dropped Comet entirely. What I found, and why I changed my mind.

8 Oct 2025 · 7 min read · By Sophie Kazandjian

Update, May 2026: I no longer use Comet.

When I wrote this piece, Comet was the most capable browser-based AI assistant I had tested, and what is below still describes what is possible with this category of tool. What changed for me was not the capability. It was the ethics. Perplexity has Jeff Bezos as an investor, operates under US jurisdiction, and faces ongoing publisher lawsuits over copyright. Handing my browsing data to a Bezos-backed US company stopped being something I was willing to do, however good the product is.

What I use instead: Brave Leo for passive page analysis and Claude in Chrome for the occasional agentic browsing tasks I used to do in Comet, both running inside the Brave browser.

The article stays up because the workflows still teach something useful about browser-first AI for design and content work, but I no longer recommend Comet itself. For the fuller account, including how each alternative scores on ethics and capability, see Ditching Perplexity & Comet: A Guide to Ethical AI Alternatives.

I tested Comet in late 2025 and recommended it for creative work alongside a more privacy-focused browser for sensitive tasks. Six months later, I dropped Comet entirely. Here is what I found while using it, and why I changed my mind.

If you have ever watched Chrome turn your laptop into a space heater during a long editing session, you understand the appeal of Comet. Perplexity's AI browser launched publicly in October 2025 with a promise of speed, focus, and an AI assistant that actually helped without getting in the way.

For designers, writers, and anyone running operations work across multiple client projects, Comet offered real improvements: faster than Chrome, lighter on resources, with an assistant that read the page you were on and could draft, summarise, or generate without making you switch tabs.

Then security research started appearing. Prompt injection attacks, cross-tab data leaks, session hijacking via malicious URLs, all documented by Brave Software, LayerX Security, and other independent teams. None of it theoretical.

This article was originally about how to use Comet's speed without exposing yourself to those risks. It still covers that, alongside the ethics question that eventually changed my position, which the security research alone did not.

What Comet got right

Comet was faster and lighter than Chrome for focused work.

Pages loaded quickly. Tabs stayed responsive through long sessions. The laptop fan stayed quiet. For anyone who edits websites, manages content systems, or moves between client projects through the day, that difference is real.

I tested Comet while updating a five-page client website. Layouts loaded cleanly, CSS edits applied instantly, the whole session stayed smooth.

The built-in assistant lived in a side panel and could:

  • Summarise competitor websites while I drafted proposals

  • Generate short text blocks (headlines, testimonials, email templates)

  • Provide CSS or code snippets for design work

  • Answer research questions without leaving the current tab

  • Draft or refine content on any page being viewed

It felt like a quiet colleague who sped up small decisions so I could stay in the work. Useful for writers generating outlines, designers tweaking layouts, or anyone researching client requests.

Comet also connected to email and calendar systems (Gmail, Outlook, Google Calendar), letting you search, draft, and reply directly from the browser. And Perplexity and Squarespace announced a native integration with one-click analytics, simplified SEO checks, and streamlined asset uploads. The official announcement is here.

Switching from Chrome was simple. Bookmarks, extensions, saved passwords imported in a couple of clicks.

For the kind of work it was good at, Comet was the best browser-based AI I had used.

What the security research found

Between August and October 2025, multiple security teams disclosed vulnerabilities affecting Comet and other AI browsers. These were documented, real-world risks.

Brave Software found that attackers can embed malicious instructions in web pages using invisible text, HTML comments, or screenshots. When you asked Comet to summarise or interact with that page, it could execute the hidden commands without warning.

LayerX Security demonstrated CometJacking: a single malicious URL could hijack Comet's AI assistant to extract data from connected services like Gmail or Google Calendar. The attack worked across open tabs, even if the user never interacted with the malicious site directly.

Cross-tab data exfiltration was the variant that worried me most. If you had multiple tabs open (a client project you were editing, your email inbox, a Google Doc), a compromised tab could instruct Comet's AI to scrape data from the others and send it to an attacker-controlled server. No credential theft required.

Brave's October research showed that Comet could be tricked via nearly invisible text hidden in screenshots, bypassing traditional text-based input filters.

Perplexity patched some of these issues and continued to improve Comet's defences. Both Brave and Perplexity acknowledged that prompt injection remained an unsolved security problem across the entire AI browser category. New attack patterns appeared faster than fixes were deployed.

The dual-browser approach I used to recommend

For about six months I kept Comet as a specialised creative-and-research browser, with Brave handling anything authenticated or sensitive. The split looked like this.

In Comet:

  • Website editing and design (Squarespace, Webflow, WordPress)

  • Content writing and editing

  • Research on trusted sites (Behance, Dribbble, industry publications)

  • Generating layout ideas, CSS snippets, or content outlines

  • Drafting blog posts or proposals

  • Quick mockups or visual references

In Brave:

  • Email and Slack

  • Google Drive with project files and contracts

  • Invoicing and payment systems

  • Banking

  • Client databases and CRM systems

  • Any login-required site for sensitive work

This separation kept Comet's speed and creative benefits while protecting client data from cross-tab exploits. It worked. I used it daily for several months.

Why I left anyway

The security risks were one part of it. What pushed me past the dual-browser arrangement was the bigger question of who I was handing my browsing patterns to.

Perplexity, the company behind Comet, has Jeff Bezos as a major investor. The product is built and operated under US jurisdiction, which means the CLOUD Act applies and the company is subject to US legal pressure. Perplexity faces ongoing publisher lawsuits over how it uses copyrighted content. Across the past year I had also been cancelling other US-based tools and moving toward services with different ownership structures and stronger data protection regimes.

At some point the logic of keeping Comet stopped holding up. I had cancelled ChatGPT for similar reasons, moved away from Amazon, and switched from Chrome to Brave and from Gmail to Proton Mail. Routing my browsing patterns through Perplexity made less sense as part of that.

What replaced Comet was simpler than I expected. Brave Leo handles passive page analysis (summarise this article, extract these key points), running inside Brave itself with the privacy posture that Brave already has. Claude in Chrome handles the agentic tasks I used Comet's assistant for, with Anthropic's track record on the kinds of ethics questions that pushed me away from Perplexity. Both tools work well enough for my actual workflows.

I am not suggesting this is the right answer for everyone. The full reasoning, with each alternative scored on capability and ethics, is in Ditching Perplexity & Comet: A Guide to Ethical AI Alternatives.

If you still want to try Comet

Everything I described above is still true of the product. If you want to use Comet despite the points above, the dual-browser approach is the workable version. Keep Comet for non-confidential creative and research work, and put a privacy-focused browser like Brave on duty for everything authenticated. Limit Comet's connected accounts to the bare minimum. Review the permissions monthly and revoke what you are not actively using.

Never have your banking, client invoices, confidential documents, or sensitive email open in Comet at the same time as you are browsing untrusted websites. Always review AI-suggested actions before approving them. If Comet's assistant proposes something unexpected, like sending an email or making a change you did not request, stop and verify manually.

When researching unfamiliar sites or competitor content, don't ask Comet's assistant to summarise or interact with the page. Switch to a traditional browser for that research, or use Comet's logged-out mode to limit what the AI can access.

These were the safeguards I used while I was still using Comet. They reduce risk without eliminating it. And none of them address the question of who you are routing your browsing patterns through, which was the question that eventually moved me on.

Where the category is going

AI browsers are an early-stage technology that exposes a real tension. The capability is useful while the security and ethics questions have not been worked out. Both Perplexity and OpenAI have acknowledged that prompt injection is unsolved at the protocol level, not just in their specific implementations.

For people choosing how to use this category, the practical questions are how much you trust the company holding your browsing patterns, how separated your sensitive work is from your AI-assisted browsing, and how comfortable you are with the security caveats published by independent researchers.

In my case the answers led away from Comet. Yours might land differently. The work I did to set up the dual-browser approach, and the reasoning behind eventually walking away from it, is what this article is for.
