Comet Browser Security Breach: Calendar Invite Steals 1Password Data (2026)

Comet Browser Security Breach: Calendar Invite Steals 1Password Data

In early 2026, a critical Comet Browser security breach exposed how Perplexity's AI-powered web browser could be exploited through a simple calendar invite to extract sensitive 1Password credentials. This credential theft incident demonstrated how the browser's agentic architecture—designed to automate tasks and fetch contextual information—could be manipulated by a maliciously crafted iCal file to trigger unauthorized file access and credential harvesting.

How the iCal Exploit Works: Step-by-Step Attack Vector

According to The Decoder, the exploit leveraged Comet's deep integration with the operating system's calendar and file systems. When a user opened a seemingly benign calendar invitation, the browser's AI assistant interpreted embedded metadata as a legitimate request to scan local directories for password vaults. This browser automation vulnerability allowed the system to:

• Autonomously access the 1Password keychain without user consent
• Extract encrypted credential data through file system permissions
• Transmit harvested information to remote servers silently

The entire credential harvesting process occurred without user interaction, making this a particularly dangerous phishing-style attack.

Why AI Browsers Like Comet Are Vulnerable

Comet Browser, marketed as a lightweight, privacy-focused alternative to Chrome, gained popularity for its seamless Perplexity search integration and minimalistic interface. As reported by Oreate AI, the browser was launched as a free product in late 2025 after previously being priced at $200/month, aiming to disrupt mainstream browsers with AI-driven summarization and task automation.

The Agent Architecture Security Gap

This same AI-driven functionality became Comet Browser's Achilles' heel. Unlike traditional browsers, Comet operates as an agent—actively interpreting user intent and executing actions on behalf of the user. While this enhances productivity, it reduces the traditional security layers that require explicit user approval for file access. TechCrunch noted in February 2026 that Perplexity is betting heavily on multi-model AI agents, but this architecture introduces new attack surfaces when permissions are not strictly sandboxed.

Users on Windows, macOS, and Android were all potentially vulnerable. Kotaku highlights Comet's ease of use—importing bookmarks and passwords in one click—which, while convenient, inadvertently made credential migration a low-barrier target for exploitation. The lack of explicit permission prompts during automated file scans allowed the attack to proceed undetected until credentials were already compromised.

Immediate Protection Steps for 2026

Security experts recommend these critical actions:

• Update Comet Browser immediately to the latest patched version
• Enable two-factor authentication on all password managers including 1Password
• Review calendar invite permissions and be cautious of unexpected iCal files
• Monitor 1Password access logs for unusual activity

The Future of AI Browser Security

Perplexity has since issued an emergency patch, disabling agentic file access by default and requiring manual user approval for any system-level interaction. The company has not confirmed whether the exploit was actively weaponized in the wild or remained a proof-of-concept.

This Comet Browser security incident underscores a broader trend: as AI browsers like Comet blur the line between assistant and agent, the security paradigm must evolve from user-driven consent to context-aware risk assessment. Comet Browser remains free and widely used in 2026, but this breach serves as a stark reminder that convenience without rigorous security controls can be catastrophic. The future of AI browsing depends not just on intelligence—but on trustworthiness and robust vulnerability management.