Calendar invites let attackers access local files and unlocked 1Password in Perplexity Comet — now patched
Mar 9th 2026
Security researchers showed that malicious calendar invites could make Perplexity's Comet AI browser open local files and, if 1Password was installed and unlocked, take over the vault; Perplexity deployed fixes in January and February 2026 and 1Password added protections.
- Zenity Labs found Comet could be tricked by calendar event content to open file:// links and read local files.
- Researchers demonstrated Comet could be instructed to open an unlocked 1Password extension URL and hijack the vault.
- The technique used hidden content in calendar invites and is an example of indirect prompt injection where AI agents follow untrusted instructions.
- Zenity reported the flaw on October 22, 2025; Perplexity pushed a fix on January 23, 2026, and a second patch on February 13, 2026 after a bypass was found.
- 1Password published a security advisory and added hardening options at the end of January 2026.