SquareX uncovered a serious security issue in the Comet browser, revealing a hidden API known as MCP (chrome.perplexity.mcp.addStdioServer). This API allows extensions to execute local commands on users' devices, a capability that traditional browsers restrict. The lack of clear documentation around the MCP API raises alarms, as users remain unaware of the potential risks. Kabilan Sakthivel from SquareX pointed out that Comet has bypassed long-established security measures, putting user trust at risk. The MCP API is currently utilized by the Agentic extension, which can be activated through the perplexity.ai page. While there’s no evidence of current misuse, the potential for exploitation is high. A single vulnerability or phishing attack could give malicious actors unprecedented access to user devices. SquareX demonstrated this risk by showing how a disguised malicious extension could utilize the MCP API to execute harmful software like WannaCry. Moreover, the extended functionality of these embedded extensions is obscured from users, making it impossible for them to disable them even if they suspect a compromise. This lack of transparency means users are blind to significant security risks. Other AI browsers may have similar extensions, but the MCP API appears unique to Comet for now. SquareX urges AI browser developers to improve documentation, undergo security audits, and provide users with the ability to disable risky features. The push for accountability is critical to prevent a dangerous trend in browser security.