Particle.news

Agentic AI Browsers Prove Useful as New Research Details Prompt‑Injection Exploits

Security researchers and reviewers urge limited use, citing data‑exfiltration demos, immature defenses, and missing core features.

Overview

  • LayerX detailed how a single crafted URL could trigger Perplexity Comet to read from memory and exfiltrate data to an attacker, with Brave highlighting hidden on‑page instructions that can hijack agent actions.
  • OpenAI’s security chief Dane Stuckey and Perplexity acknowledged prompt injection as a serious frontier problem without a complete fix, even as rollouts continue.
  • Hands‑on tests show real automation gains, including Comet filling a Kroger pickup cart from a Google Keep list and Atlas adding recommended routers to an Amazon cart.
  • Reviewers report Atlas is Mac‑only for now with slower AI‑driven search and missing basics such as vertical tabs, and some site logins and agent tasks remain unreliable.
  • Commentators advise against using these browsers as daily drivers and recommend avoiding sign‑ins to sensitive accounts, while publishers also see reduced clickthrough from AI overviews.