Overview

• Researchers showed an OAuth attack against Comet that granted full access to a victim’s Gmail and Google Drive, enabling exfiltration of all stored files.
• Tests also forced the AI browser to send a malicious link via a calendar invite while processing inbox tasks, and to download known malware.
• SquareX groups the risks into malicious workflows, prompt injection, malicious downloads and trusted app misuse, pointing to architectural gaps in AI-enabled browsing.
• Existing enterprise tools such as EDR and SASE/SSE lack sufficient visibility to distinguish automated agent actions from human activity inside the browser.
• The report urges browser-native controls including agentic identity, integrated DLP, client-side file scanning and extension risk assessments, as other firms like LayerX corroborate similar Comet exposure risks.