Zenity Labs Discloses PleaseFix Agentic Browser Vulnerabilities
On March 4, 2026, Zenity Labs disclosed "PleaseFix," a family of critical vulnerabilities affecting agentic browsers, including Perplexity Comet, that enable attackers to hijack AI agents, access local files, and steal credentials within authenticated sessions. The flaws can be triggered by malicious content embedded in routine workflows. The family includes PerplexedBrowser, a subfamily specific to Perplexity Comet with two exploit paths that begin with indirect prompt injection. Vendors and users must apply mitigations.
Key Points
- Discloses PleaseFix vulnerabilities in agentic browsers allowing agent hijack, local file access, and credential theft
- Enables unauthorized actions during authenticated sessions via malicious embedded content and indirect prompt injection
- Requires immediate vendor mitigation, prompt hardening, and user session protections to prevent agent compromise
Scoring Rationale
High-impact, broadly applicable agentic-browser exploits; authoritative disclosure but limited public technical detail and vendor mitigations.

