
1Password has officially launched its browser extension for Comet, the AI-powered web browser developed by Perplexity, enabling users to access and autofill their credentials securely while interacting with AI-driven web agents.
The integration comes at a critical time for AI-enabled browsers, which have faced scrutiny over their susceptibility to phishing attacks, prompt injection, and credential misuse.
The 1Password extension for Comet allows users to autofill usernames, passwords, and two-factor authentication codes, generate strong credentials, and sync secure information across devices, all while ensuring that sensitive data never enters the AI’s processing context.
The integration specifically addresses mounting concerns around credential security in AI browsing environments. 1Password emphasizes that while AI can streamline web tasks, it introduces new risks when granted access to login data. By using 1Password within Comet, users can shield credentials from being exposed to large language models (LLMs) or autonomous agents acting without direct human oversight.
This move comes just weeks after security researchers at Guardio Labs revealed alarming vulnerabilities in Comet’s behavior during real-world phishing simulations. Researchers Nati Tal and Shaked Chen demonstrated how Comet could be tricked into interacting with fraudulent websites, autofilling payment details, and downloading malicious files, often without alerting or confirming with the user. The tests included a fake Walmart storefront, a live Wells Fargo phishing page, and a prompt injection framework named PromptFix, which successfully manipulated Comet into executing attacker-controlled instructions hidden in webpage content.
Comet, released earlier this year by Perplexity, represents a new class of “Agentic AI” browsers, tools designed to browse, interact, and transact on the internet with minimal user input. While this promises a faster, more automated browsing experience, it also introduces what Guardio Labs terms a “Scamlexity” threat landscape: one where traditional scams are amplified by AI automation, and new exploits emerge that target the AI’s processing logic directly.
1Password’s integration is designed to prevent one of the most dangerous attack vectors in this space: the theft or misuse of login credentials. Unlike traditional password managers that rely on passive storage and retrieval, 1Password’s extension for Comet is built to actively defend against AI-specific risks. Key protections include:
- End-to-end encryption of stored data using 1Password’s Secure Key Derivation (2SKD) technology.
- Deterministic user action for autofill, ensuring that credentials are only filled when explicitly approved by the user.
- Isolation from LLM context, preventing raw credentials from being processed, stored, or leaked by the AI model powering Comet.
Even with 1Password on Comet, users of the AI-powered browser are advised to review actions initiated by AI agents before authorizing credential use, and closely monitor workflows for potential security lapses.