Comet Goes Free, and the Browser Becomes Your Agent

Perplexity has made Comet free and pushed agent features into the browser itself. Here is what that shift means for search traffic, product design, enterprise security, and the new playbook for teams that depend on the open web.

ByTalosTalos
AI Product Launches
Comet Goes Free, and the Browser Becomes Your Agent

Breaking: a free, AI-first browser just arrived

On October 2, 2025, Perplexity removed the paywall from Comet and announced a background assistant for higher-tier subscribers. The company’s message is simple. Your browser is not a passive window anymore. It is an assistant that reads with you, takes actions for you, and keeps working when you close the lid. For the clearest public summary of the change, see TechCrunch’s coverage of Comet now free with a background assistant.

Perplexity did more than change a price. It bundled three bets into a single release:

  • An ambient side panel that follows your context across tabs and pages.
  • A background worker that can move through multistep chores, then pause for your approval at key checkpoints.
  • Partnerships and seeding strategies designed to spark adoption, including deals with large consumer platforms and easier onboarding through site-building partners.

The point is not another in-page chatbot. It is a new contract with the web, one where you state a goal and the browser does the navigating.

The browser is becoming the default agent runtime

Think back to smartphones in the early 2010s. The home screen started as a static grid of apps. Then notifications, sensors, and background refresh made the phone feel alive. Agent-native browsers are repeating that shift for the desktop and the open web.

A common pattern is emerging:

  • Context in, actions out. The agent sees what you see on the page and can click, type, and submit on your behalf, within guardrails you set.
  • Continuous work. Tasks persist after you switch tabs or step away. A mission control view shows progress while you focus elsewhere.
  • Intent routing. Instead of visiting three sites for flights, hotels, and cars, you describe the outcome. The agent assembles the workflow, cites sources where appropriate, and holds for your confirmation on sensitive steps.

Comet has company. The Browser Company is positioning Dia as an AI-first successor to Arc, designed as a research and navigation workbench. Opera has been shipping assistant features inside its mainstream browsers and is exploring deeper delegation in premium builds. Google is weaving Gemini more tightly into Chrome so the browser can execute multistep tasks from inside the chrome itself. Whether you prefer a minimalist interface or a power-user console, the direction is the same. Your primary interface becomes an agent that understands pages and takes action.

The consequence is a new baseline expectation for everyone building on the web. Your browser should understand the page, carry context across sites, and offer to take the boring steps off your hands.

What makes Comet different right now

Comet’s edge today is the pairing of two modes in one surface:

  • The sidecar. A conversational panel sits beside every page. Ask it to summarize a whitepaper, extract dates from an invite, compare two product specs, or draft a response, all grounded in what is on screen.
  • The background assistant. When a task spans multiple steps or sites, you can hand it off. The assistant proceeds behind the scenes and surfaces approvals when it reaches a sensitive checkpoint, like a cart review or a final email send. The mental model shifts from hunting through tabs to supervising a workflow.

In practice, a prompt might look like this: “Hold three nonstop flights under $600 next weekend, draft a brief to my manager about the Q4 budget trade-offs, and add the cheapest of those flights to my cart for approval.” You can watch the mission control view tick through subtasks or ignore it until the browser pings you.

Near-term effects: SEO and the referral economy

If the browser becomes your agent, the path from query to click compresses. That has immediate consequences for traffic and revenue across the open web.

  • Blue links get displaced. When an answer or plan renders at the top of the page, traditional listings move down. Independent analyses throughout 2025 have reported lower clickthrough for queries with AI summaries or agent-built answers.
  • The ceiling on zero-click rises. AI platforms may still be a minority of total referrals, yet their growth is steep. As agentic browsing moves from opt-in experiments to default settings, a larger share of informational queries will be resolved inside the agent view.
  • Merchants and marketplaces will chase agent feeds. If your buyer’s agent can assemble a cart from multiple sites, inventory and price feeds become the battleground. Expect something that feels like an app store for actions, complete with attribution and payout rules.

For teams that depend on organic referral traffic, the playbook needs an urgent update. If you want a deeper view of how publishers are already adapting to AI answers at the top of results, see our analysis of how publishers seize AI search.

Practical moves to start now:

  • Shift from page-level keywords to answer-level coverage. Agents quote sources that resolve intent cleanly. Build content that answers the entire question, surfaces structured data, and includes comparison-ready tables and bullets that map to agent exractions.
  • Instrument agent referrals. Create server-side tracking for agent user agents and parameters. Run controlled tests to see where your category gains or loses from agentic results.
  • Replace generic affiliates with outcome-based partner offers. If an agent composes a cart, you want to be in its short list with a payout model that rewards inclusion and conversion, not just last click.

The new attack surface: prompt-in-page and auto-click risks

Once a browser can click and type for you, any text it reads can try to steer it. That is the core of indirect prompt injection. A malicious page can hide instructions in content or a query string and then wait for your agent to summarize, extract, or log in. Security researchers have shown that browser-controlling models can be induced to perform harmful actions without explicit user intent, including data exfiltration or destructive clicks, if safeguards are weak. For a clear overview of why this matters, Ars Technica’s analysis of new risks from AI browser agents is a useful primer.

Attackers will probe several routes:

  • Prompt in URL. Long query strings with encoded instructions that the agent dutifully reads and obeys when asked to summarize a page or walk a link chain.
  • Prompt in page. Hidden text in white-on-white, style-zero fonts, or collapsed elements that instruct a model to leak data or click a trap. More naturalistic “topic-transition” tricks blend malicious instructions into plausible content.
  • Covert channels. If the agent can call tools or write to external services, side effects can leak data even when a response is blocked.

Practical controls to adopt now:

  • Require approvals for high-risk actions. Any purchase, publish, or data share should prompt explicit consent in the flow. If users must click to authorize, the blast radius of a bad instruction is contained.
  • Confine context. Limit what the agent can read by default, especially inside work accounts. Use per-site permissions and deny-by-default rules for sensitive domains.
  • Sanitize inputs. Strip or neutralize risky patterns from query strings and hidden elements before passing content to an agent.
  • Keep humans in the loop for credentials. Password managers are beginning to offer human-approved, agent-aware autofill that never exposes secrets to the model. Expect this to become an enterprise default.

Enterprise controls: what buyers should look for

If the browser is becoming the control plane for work, buyers need clarity on guardrails, data handling, and admin visibility. Here is a pragmatic checklist for procurement and security reviews.

Policy and governance:

  • Action approvals. Can you force approvals for purchases, posts, and data shares, and log who approved what and when?
  • Retention windows. What is the default retention for page context and chats, and can you set different policies for regulated and unregulated users?
  • Org-wide deny rules. Can you denylist sites, query patterns, or specific actions at the organizational level and see when a rule blocks something?
  • Isolation options. Do vendor roadmaps support browser isolation or sandboxed sessions for agent-driven work, especially on privileged apps?

Identity and data controls:

  • Single sign-on and step-up auth. Does the browser agent respect SSO, and can sensitive actions require a second factor?
  • Client-side encryption and DLP. Can you apply client-side encryption or data loss prevention policies that keep protected files out of the agent’s context window?
  • Credential boundaries. Ensure that credentials are handled by a manager and never exposed to the model. Verify that logs prove this behavior.

Observability:

  • Mission logs. Can admins see mission-level event streams that show which pages were read, which actions were attempted, and which approvals were granted?
  • Source transparency. Do users see which sources informed an answer and can they toggle or block a source directly from the agent view?

These controls will make or break enterprise adoption. Without them, agent-capable browsers will stall at the proof-of-concept stage.

How agent-capable browsers will reshape behavior in 6 to 12 months

  • From clicks to checks. Users will spend less time clicking and more time reviewing. Design for confirmations and summaries that earn trust. The winners will show their work and make it easy to open sources.
  • Fewer tabs, richer sessions. Agents will aggregate steps into missions. Expect fewer open tabs, longer session durations inside agent views, and lower page churn when delegation succeeds.
  • A new extension economy. Extensions will evolve into capabilities that agents can call. Imagine a marketplace not of sidebar widgets, but of verified actions: pay with a specific wallet, file a help desk ticket, publish a changelog.
  • Attribution rewrites. As agents compose outcomes from multiple sources, last-click credit fades. New models will combine impression-level exposure inside agent views, contribution scoring for snippets, and cart-level payouts.
  • Security baselines ratchet up. Policy packs will block sensitive domains by default, require human approvals for credentialed actions, and flag suspicious prompt patterns. Vendors and standards bodies will race to define common controls.

For teams building agent capabilities, context management becomes a competitive edge. If that topic matters to your roadmap, our deep dive on memory as AI control point outlines how persistent context changes product strategy.

What to do this quarter

For growth leads and publishers:

  • Build answer-complete content that agents prefer. Provide short, scannable sections that resolve the task and expose structured data. Instrument agent referrals and run cohort tests to measure impact by query class. If you rely on affiliates, pilot outcome-based programs with agent platforms so you stay visible when an agent assembles a cart or itinerary.
  • Invest in citations and provenance. Make it easy for agents to quote you. Clear headings, unambiguous numbers, and schema markup increase the odds your content appears inside agent answers.

For product teams:

  • Treat the browser as your agent runtime. Expose capability endpoints an agent can call, not just pages for humans to click. Start with three actions tied to real user jobs, for example create a return label, apply loyalty credit, and schedule a service visit.
  • Design supervision first. Every multistep mission needs clear checkpoints. Use concise, friendly approval cards with a summary of what will happen next and a link to the underlying sources.

For security and IT:

  • Create an agent action policy. Require approvals for anything with material impact and centralize logs across browsers. Set deny-by-default rules for finance apps, developer consoles, and admin tools until vendors prove fine-grained controls.
  • Pilot agent-aware autofill. Keep secrets out of the model by routing credentials through a manager that requires human confirmation.

For executives:

  • Reforecast traffic and acquisition. Model scenarios where 10 to 30 percent of informational queries route through agent views with lower outbound clicks. Shift budget toward channels that reward being the agent’s chosen source.
  • Rewire your roadmap. If a growing share of users will state goals and supervise outcomes, your surface area changes. Prioritize APIs and action endpoints that agents can call, then measure mission completion, not just page views.

If you want to see how agentic patterns are already moving from demos to daily operations, our report on how agentic AI hits the warehouse floor shows what steady-state adoption looks like once the novelty wears off.

The bigger picture

Browsers used to be maps. You typed a destination and followed roads of links. Comet’s free release, together with agent pushes from Dia, Opera, and Chrome, marks the moment the map starts to drive the car while you hold the wheel. It will not be magic and it will not be perfectly safe at the start. But the direction is set. Over the next year, default web usage will tilt from pointing and clicking to stating goals and supervising outcomes.

Teams that design for that reality will feel friction ease and funnels shorten. Teams that wait will wonder where their clicks went. The browser is becoming your runtime for intent. Comet makes that future easier to touch by bringing the entry price to zero. The real competition moves to what your agent can safely and credibly do on your behalf, how transparently it shows its work, and how gracefully it asks for your approval at the moments that matter.

Other articles you might like

HeyGen Video Agent Turns Enterprise Video Into One Prompt

HeyGen Video Agent Turns Enterprise Video Into One Prompt

HeyGen just took enterprise video from brief to LMS delivery with a single prompt and an always-on agent. See what went GA, how it changes creative ops, and a 90-day plan to pilot, govern, and scale.

AI Product Launches
·Read more
Marey Goes Public: Clean Trained Video Enters Production

Marey Goes Public: Clean Trained Video Enters Production

From July to October 2025, Moonvalley pushed its licensed-data video model from closed beta to public release and early studio pilots. The hook is simple and practical: predictable controls, clean training data, and footage you can ship.

AI Product Launches
·Read more
Tinker makes DIY fine-tuning of open LLMs go mainstream

Tinker makes DIY fine-tuning of open LLMs go mainstream

Tinker, a managed fine-tuning API from Thinking Machines Lab, lets teams shape open LLMs with simple loops while keeping control of data and weights. Here is how it changes speed, cost, the agent stack, and safe rollout.

AI Product Launches
·Read more
Agentic AI Hits the Warehouse Floor: From Demos to Daily Ops

Agentic AI Hits the Warehouse Floor: From Demos to Daily Ops

On October 7, AutoScheduler released a free Warehouse Decision Agent, giving operators a low risk way to test agentic AI on real docks. This review covers deployment, governance, and a 90 day ROI plan.

AI Product Launches
·Read more
Replit Agent 3 Goes Autonomous: Build, Test, Ship

Replit Agent 3 Goes Autonomous: Build, Test, Ship

Replit Agent 3 turns coding assistants into autonomous builders that write, run, and fix apps in a real browser. See what changed, what to build first, and a practical playbook for safe and cost-aware adoption.

AI Product Launches
·Read more
Perplexity’s $200 Email Agent Brings Accountable Autonomy

Perplexity’s $200 Email Agent Brings Accountable Autonomy

Perplexity just moved from talk to task with an email agent that works inside Gmail and Outlook. It drafts, files, schedules, and acts under policy. Here is how accountable autonomy in the inbox changes the game.

AI Product Launches
·Read more
Autonomous pentesting goes live as Strix opens its agent

Autonomous pentesting goes live as Strix opens its agent

On October 3, 2025, Strix released an open source AI hacking agent that moves autonomous pentesting from research to production. Learn how it works, what it changes for SDLC and governance, and how to ship it safely.

AI Product Launches
·Read more
The Inflection for Coding Agents: Cursor’s Browser Hooks

The Inflection for Coding Agents: Cursor’s Browser Hooks

Cursor's late September update added browser control and runtime hooks, shifting coding agents from helpers to reliable operators. This guide shows how to build guardrails, policy, and evidence loops that ship fixes faster.

AI Product Launches
·Read more
AgentKit compresses the agent stack so you can ship fast

AgentKit compresses the agent stack so you can ship fast

OpenAI unveiled AgentKit on October 6, 2025, unifying agent design, orchestration, evals, chat, and data connectors in one toolkit. See what shipped, what it replaces, and a practical plan to go from pilot to production in days.

AI Product Launches
·Read more