Security vulnerabilities in the Perplexity AI app can compromise your passwords and identity.
In 2025, AI apps are gradually replacing search engines, managing shopping lists, and even simulating friendships. However, while these apps assist with day-to-day tasks, they may also be exposing sensitive personal data.
One such app, Perplexity AI, which is known for being sleek and intelligent, has been found to harbor serious security flaws that could lead to data theft, account takeovers, and identity theft. Researchers from Appknox recently investigated Perplexity’s Android app and uncovered several alarming vulnerabilities.
According to their findings, the app’s code contains hardcoded API keys, which means anyone with the technical know-how to decompile the app can access them. With these keys, attackers could exploit backend services, leak user data, and even compromise entire systems. Essentially, storing hardcoded secrets in this way is akin to writing your ATM PIN on the back of your debit card and calling it a security feature.
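The practical defence against the hardcoded-key problem is to scan the decompiled output before it ships, exactly as a reviewer would. The following is an added example, not code from the article, from Appknox or from Perplexity: it walks a constructed, in-memory stand-in for a decompiled APK tree (fake paths, fake key values) and flags string literals that either match a well-known credential format or simply look random. The vendor prefixes used by the patterns are real, the sample values are not.

```python
import math
import re
from collections import Counter

# Constructed sample of what a decompiled APK looks like on disk: fake paths and
# fake key values for this example, not material from the Perplexity app or the
# Appknox report.
SAMPLE_FILES = {
    "res/values/strings.xml": (
        '<string name="app_name">DemoAssistant</string>\n'
        '<string name="maps_key">AIzaSyD-CONSTRUCTED-KEY-0123456789abcdef</string>\n'
    ),
    "sources/com/example/demo/ApiClient.java": (
        "public class ApiClient {\n"
        '  static final String BASE_URL = "https://api.example.com";\n'
        '  static final String TOKEN = "sk-demo-0123456789abcdefABCDEFghijklmnop";\n'
        '  static final String LOG_TAG = "ApiClient";\n'
        "}\n"
    ),
}

# Well-known credential formats (the vendor prefixes appear in real keys).
KNOWN_PATTERNS = [
    ("google_api_key", re.compile(r"AIza[0-9A-Za-z_-]{35}")),
    ("aws_access_key_id", re.compile(r"AKIA[0-9A-Z]{16}")),
    ("sk_prefixed_secret", re.compile(r"sk-[0-9A-Za-z_-]{20,}")),
]

# String literals of 20+ non-whitespace characters in Java/Kotlin ("...") or XML (>...<).
LITERAL = re.compile(r'"([^"\s]{20,})"|>([^<\s]{20,})<')


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random tokens score near log2(alphabet size)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_text(path: str, text: str, entropy_threshold: float = 4.0) -> list:
    """Return one finding per literal that matches a known key format or looks random."""
    findings = []
    for m in LITERAL.finditer(text):
        literal = m.group(1) or m.group(2)
        if literal.startswith(("http://", "https://")):
            continue  # URLs are long and varied but are not secrets
        kind = next((name for name, rx in KNOWN_PATTERNS if rx.search(literal)), None)
        if kind is None and shannon_entropy(literal) >= entropy_threshold:
            kind = "high_entropy_string"
        if kind is not None:
            # Report a short preview only, so the scanner's own output does not leak the value.
            findings.append({"file": path, "kind": kind, "preview": literal[:6] + "..."})
    return findings


def scan_tree(files: dict) -> list:
    """Scan every decompiled file; in practice `files` comes from walking the jadx/apktool output."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


if __name__ == "__main__":
    for f in scan_tree(SAMPLE_FILES):
        print(f"{f['file']}: {f['kind']} ({f['preview']})")
```

Two design points: the scanner reports only a six-character preview, because a findings file full of live keys is its own leak, and it skips URLs, which are long and varied enough to trip an entropy threshold yet are not secrets. Anything it flags should be moved server-side or behind a short-lived token issued to an authenticated user; the scan itself is just the check that nothing was left behind.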
In addition, Perplexity’s API is misconfigured, allowing any website to send requests to the app’s backend, a configuration that exposes the app to Cross-Site Request Forgery (CSRF) attacks. This means malicious websites could trick the app into leaking user information.
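To make the "any website can send requests" misconfiguration concrete, here is an added example (not code from the article or from Perplexity's backend) of the server-side decision in Python. It shows the weak behaviour, a CORS response that reflects whatever Origin arrives while allowing credentials, beside the corrected one, and a request gate for state-changing calls that requires both a trusted origin and a per-session CSRF token. The origin allow-list and header names other than the standard `Origin`, `Referer` and `Vary` are assumptions for the example.

```python
import hmac
import secrets
from typing import Optional
from urllib.parse import urlparse

# Constructed allow-list of first-party web origins for a hypothetical backend.
ALLOWED_ORIGINS = {"https://app.example.com", "https://www.example.com"}


def weak_cors_headers(request_origin: str) -> dict:
    """The misconfiguration: echo any Origin back and allow credentials with it."""
    return {
        "Access-Control-Allow-Origin": request_origin,
        "Access-Control-Allow-Credentials": "true",
    }


def hardened_cors_headers(request_origin: str) -> dict:
    """Only allow-listed origins get a CORS grant; everyone else gets no header at all."""
    if request_origin in ALLOWED_ORIGINS:
        return {
            "Access-Control-Allow-Origin": request_origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",  # keep caches from serving one origin's grant to another
        }
    return {}


def request_origin(headers: dict) -> Optional[str]:
    """Source origin of a browser request: Origin header, else scheme://host of Referer."""
    if headers.get("Origin"):
        return headers["Origin"]
    ref = headers.get("Referer")
    if ref:
        p = urlparse(ref)
        return f"{p.scheme}://{p.netloc}"
    return None


def issue_csrf_token() -> str:
    """Per-session random token, stored with the session and handed to the first-party page."""
    return secrets.token_urlsafe(32)


def state_changing_request_allowed(headers: dict, session_token: str) -> bool:
    """Both checks must pass: a trusted origin AND a token a third-party page cannot read."""
    origin = request_origin(headers)
    if origin not in ALLOWED_ORIGINS:
        return False
    presented = headers.get("X-CSRF-Token", "")  # assumed header name for this example
    # Constant-time comparison so token checks do not leak via timing.
    return hmac.compare_digest(presented.encode(), session_token.encode())


if __name__ == "__main__":
    token = issue_csrf_token()
    first_party = {"Origin": "https://app.example.com", "X-CSRF-Token": token}
    third_party = {"Origin": "https://third-party.example", "X-CSRF-Token": token}
    print("first-party:", state_changing_request_allowed(first_party, token))
    print("third-party:", state_changing_request_allowed(third_party, token))
    print("weak CORS grant to third party:", weak_cors_headers("https://third-party.example"))
    print("hardened CORS grant to third party:", hardened_cors_headers("https://third-party.example"))
```

The two checks cover different failure modes: the origin check stops a cross-site page from riding the user's cookies into the API, and the token check still holds if an origin header is missing or spoofed by a non-browser client. A native app client, such as the Android app itself, would authenticate with its own bearer token rather than cookies, which is why the gate keys on both signals instead of trusting the session cookie alone.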
Another major issue is the lack of SSL pinning in Perplexity’s app. This leaves it open to man-in-the-middle (MitM) attacks, where attackers can intercept user searches, steal credentials, and monitor activity in real time.
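What pinning actually decides is easy to lose in the phrase "SSL pinning", so here is an added example of the check itself, written in Python for clarity; it is not code from the article or from the Perplexity app, which on Android would express the same thing through OkHttp's `CertificatePinner` or the Network Security Config. The pin format is the one OkHttp (and formerly HPKP) uses: `sha256/` followed by the base64 SHA-256 of the certificate's DER-encoded SubjectPublicKeyInfo. The SPKI byte strings below are constructed placeholders; a real client obtains them from the server's certificate chain.

```python
import base64
import hashlib

# Pin format used by OkHttp's CertificatePinner (and formerly HPKP):
# "sha256/" + base64(SHA-256(DER-encoded SubjectPublicKeyInfo)).
def compute_pin(spki_der: bytes) -> str:
    digest = hashlib.sha256(spki_der).digest()
    return "sha256/" + base64.b64encode(digest).decode("ascii")


def chain_is_pinned(chain_spkis: list, pins: set) -> bool:
    """Accept the TLS session only if some public key in the chain matches a configured pin."""
    return any(compute_pin(spki) in pins for spki in chain_spkis)


# Constructed stand-ins for DER-encoded SPKI blobs. In a real client these bytes come
# from the server's certificate chain; the values here are placeholders so the check
# runs offline.
LEAF_SPKI = b"constructed-spki:api.example.com:leaf-2025"
BACKUP_SPKI = b"constructed-spki:api.example.com:backup-key-held-offline"
INTERCEPT_SPKI = b"constructed-spki:interception-proxy"

# Shipped inside the app: the current key plus a backup, so a planned key rotation
# does not lock users out. An interception certificate is not in this set even if the
# device's trust store has been made to trust its issuer.
PINNED_KEYS = {compute_pin(LEAF_SPKI), compute_pin(BACKUP_SPKI)}


def connection_allowed(chain_spkis: list) -> bool:
    """The app-level decision taken after the platform's normal chain validation succeeds."""
    return chain_is_pinned(chain_spkis, PINNED_KEYS)


if __name__ == "__main__":
    print("genuine server:", connection_allowed([LEAF_SPKI]))
    print("after key rotation:", connection_allowed([BACKUP_SPKI]))
    print("interception proxy:", connection_allowed([INTERCEPT_SPKI]))
```

Without this check, the only thing standing between the app and an interception proxy is the device trust store, which an attacker who controls the device or its user can add a root to; with it, a certificate for the right hostname from the wrong key is rejected regardless of who signed it. The backup pin is not optional: pinning a single key and then rotating it is how apps end up cut off from their own backend.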
The app’s bytecode is also fully exposed, allowing attackers to reverse-engineer the app and either exploit vulnerabilities or create fake versions that could steal data or scam users. Furthermore, Perplexity has no safeguards against debugging or developer exploits, enabling attackers to manipulate the app in a controlled environment and adjust it to suit their purposes.
Appknox’s CEO, Subho Halder, stated, "Our testing highlights critical vulnerabilities in Perplexity AI that expose users to a variety of risks, including data theft, reverse engineering, and exploitation." He urged developers to address these issues immediately and advised users to be cautious when using the app, especially for sensitive activities.
Is Perplexity AI a bigger risk than Deepseek?
Appknox’s report suggests that Perplexity AI might pose an even greater cybersecurity risk than the Chinese AI model Deepseek. "Every vulnerability we found in Deepseek is also present in Perplexity, plus five additional weaknesses that widen the attack surface," said the researchers. "This isn’t just an oversight – it’s a pattern. AI applications are evolving fast, but their security isn’t keeping up."
While Perplexity has more vulnerabilities, Deepseek also has critical flaws, such as unsecured network configurations and exposure to advanced threats like StrandHogg and Janus, making it vulnerable to more sophisticated attacks.
The presence of such flaws in leading AI apps raises concerns about the security of the countless AI clones flooding app stores.