Since Comet is integrated with 1Password, the hijacked AI could be steered to open the user’s unlocked vault. Using instructions hidden in English and Hebrew to evade detection, the AI could search for credentials or even change the master password. This resulted in a full account takeover, giving the attacker unrestricted access to the user’s passwords.

Just say no to AI assistants in your browser and OS.

Whew. Very glad to see this was not a general vulnerability in 1password. That would be bad.