SquareX warns Perplexity's Comet AI browser contains a hidden MCP API that bypasses security, allowing attackers to install malware and seize full device control.

Attackers are exploiting Google Ads with fake Comet Browser download links to spread malware disguised as Perplexity’s official installer. The campaign, tracked by DataDome, has ties to DarkGate.