WEBINAR
Comet MCP API Vulnerability
SquareX researchers have discovered a critical security vulnerability in Comet, Perplexity's AI browser. Comet has implemented an MCP API that allows its embedded extensions to execute arbitrary local commands on host devices without explicit user permission. In other words, this MCP API can be exploited to execute known malware such as WannaCry, a capability that traditional browsers explicitly prohibit in order to confine the damage web threats can do to the browser.
Although this has since been patched, the webinar covers the high impact of this finding, how we discovered it, and best practices for using AI browsers in the enterprise.
You will learn:
🔍 How the MCP API can be exploited
🎥 Live demos of the attack chain
💼 What this means for AI browser use in the enterprise
PRESENTER
Nishant Sharma
Head of Cybersecurity Research, SquareX
Nishant Sharma leads Cybersecurity Research at SquareX, where he focuses on advancing defenses across browser and enterprise security domains. With over a decade of experience in cybersecurity R&D, Nishant previously served as VP of Labs R&D at INE and led research at Pentester Academy, architecting thousands of hands-on labs in host, network, and cloud security on AWS, GCP, and Azure—used by learners in over 125 countries. A seasoned trainer and frequent speaker at DEF CON, Black Hat, and OWASP events, he has delivered over 15 public talks, authored 10+ technical trainings, and released multiple open-source tools. His current interests lie in innovating defensive security for modern enterprise environments.