Zenity Labs Discloses PleaseFix Agentic Browser Vulnerabilities

On March 4, 2026, Zenity Labs disclosed "PleaseFix," a family of critical vulnerabilities targeting agentic browsers, including Perplexity Comet, that enable attackers to hijack AI agents, access local files, and steal credentials within authenticated sessions. The flaws can be triggered by malicious content embedded in routine workflows and include PerplexedBrowser, a Perplexity Comet subfamily with two exploit paths from indirect prompt injection. Vendors and users must apply mitigations.