Since Comet is integrated with 1Password, the hijacked AI could be steered to open the user’s unlocked vault. Using instructions hidden in English and Hebrew to evade detection, the AI could search for credentials or even change the master password. This resulted in a full account takeover, giving the attacker unrestricted access to the user’s passwords.

Just say no to AI assistants in your browser and OS.