News
PleaseFix: Zero-Click Agent Hijack Vulnerability Family in Agentic Browsers
Zenity Labs disclosed PleaseFix, a family of critical vulnerabilities in agentic browsers including Perplexity Comet. Two exploit paths: (1) zero-click file system exfiltration triggered by a calendar invite — the AI agent accesses local files and exfiltrates data while returning normal results to the user; (2) credential theft via manipulating agent-authorized password manager workflows. PleaseFix is the evolution of ClickFix social engineering but applied to AI agents instead of humans, enabli
↳ Follow the thread