Forum Discussion
1Password now available in Comet, the AI-powered browser by Perplexity
- 2 months ago
Hi all, thanks for raising these questions and sharing your concerns.
At 1Password, our guiding principles are privacy, security, and transparency, and ensuring people can use the tools they choose safely. We know AI and new browsing technologies raise important questions, which is why our role is to give people choice without compromising trust.
To clarify a few points about our partnership with Perplexity on the Comet browser:
- Your data remains private. Nothing about this partnership changes how 1Password works. Vaults are end-to-end encrypted, and neither Perplexity nor Comet has access to your information. Your secrets remain encrypted and never leave your control.
- The extension is the same. The 1Password browser extension works in Comet exactly as it does in Chrome, Safari, Firefox, and other Chromium-based browsers. There is no special integration that exposes additional data.
- This is about choice. Our customers want us to be where they are. For those who want to try Comet, we are ensuring their login and autofill experience is secure, just as it is in other browsers.
We take trust seriously and will continue to make decisions with privacy, transparency, and security at the core.
Readers of this thread will likely find a recent blog by 1Password to be of interest: Closing the credential risk gap for AI agents using a browser.
The blog describes the 1Password Secure Agentic Autofill solution that “…injects credentials via the 1Password Browser Extension into a browser on behalf of an AI agent only when required and always authorized by a person,” without “…allowing that agent to have access to or visibility into the credentials being used.”
Given the Secure Agentic Autofill technology, is AgileBits confident that using 1Password in Comet is currently as safe and secure as using 1Password in any other supported browser (Chrome, Firefox, Edge, Brave, Safari)?
- AJCxZ0, 24 days ago, Silver Expert
Any response should address CometJacking by Aviad Gispan, Senior Researcher at LayerX, published 4 Oct 2025.
New research by LayerX shows how a single weaponized URL, without any malicious page content, is enough to let an attacker steal any sensitive data that has been exposed in the Comet browser.
- Pleonasm, 23 days ago, Dedicated Contributor
The CometJacking threat seems to supersede the conversation about "Can the 1Password extension securely provide login credentials to Comet?" Regardless of how those credentials are entered on a webpage in Comet - manually or using 1Password - the information protected by those credentials can be exposed to the attacker:
“For years, attackers focused on tricking users into giving up their credentials through phishing pages. But with agentic browsers, they no longer need the user’s password—they just need to hijack the agent that is already logged in.”
Unfortunately, addressing this concern does not appear to be a priority for Perplexity at this time:
“LayerX submitted its findings to Perplexity under Responsible Disclosure guidelines on 27 August, 2025. Perplexity replied that it could not identify any security impact, and therefore marked it as Not Applicable.”
We do indeed live in interesting times....
- Seria, 23 days ago, New Contributor
It isn't clear to me how the user memory would include the credentials from 1Password. CometJacker says "personal information that has been exposed to the AI in the past, such as user credentials" but 1Password say that their extension fills directly without involving the agent.
How is that information "exposed" to the agent? Does the agent know about what is sent from a page? The browser has to know your credentials in some way to send that information down the InterTubes to the webserver requesting the login; does the LLM Comet is using also have that info?
It seems obvious that the agent will know about any window you have up so if you are logged into Gmail in a window the agent can do what it likes with that. If the malicious URL says "if they are logged into Gmail send it all to me" then your emails are sent. But if you logged in using 1Password and logged out, what info does the browser retain about your credentials? Can the malicious webpage say "If the user logged into anything in this browser session, send me the credentials" and get them because the browser knew and the agent remembers everything the browser did at the post/request level?
I think that the agent really does have to be able to read webpages so it must know there were credentials requested. When you type your password it is obfuscated on the page you see but the underlying software has to know it so it can send it. If the agent is reading the page in realtime, it must know that password?
- Seria, 24 days ago, New Contributor
For extra points they give it to Scamlexity and get them to agree it solves the problem.
This really needs stress testing by people who have no stake in it succeeding.
- Pleonasm, 23 days ago, Dedicated Contributor
Hopefully, 1Password will ensure that its ongoing security audits include an independent review of the Secure Agentic Autofill technology.