AI browsers are a security nightmare.

People have used a wide variety of browsers in the last few years, including a new generation called AI browsers or agentic browsers. Besides displaying web pages, they also work on your behalf using AI agents . The most popular browsers currently are Comet and Perplexity's Dia, while Google has integrated Gemini into its Chrome browser. While AI browsers can be useful for certain tasks, they are also a security nightmare in the way they handle data.

 

What is an AI browser?

Essentially, an AI browser is a web browser with built-in artificial intelligence that does more than just display web pages for you. Instead of being a passive tool, it acts as an enthusiastic assistant, always ready to answer your questions.

 

Concerns about data privacy in AI-powered web browsing.

Browsers and AI agents often request extensive access to user data, raising privacy concerns. These tools can collect extensive browsing and user interaction data for AI processing.

The very features that make these AI browsers powerful, such as reading all open tabs, indexing local files, and integrating email or calendar, also mean they interact with and process vast amounts of user data, much of which can be highly confidential. Without robust safeguards, AI browsers could inadvertently upload or expose sensitive data beyond your control.

"Security risks depend on how AI is integrated into the browser," Shivan Kaul Sahib, Vice President of Privacy and Security at Brave, told MakeTechEasier. "If AI acts as a user-activated assistant and the assistant's capabilities are significantly limited, then the security risks are equivalent to traditional web browsing. In terms of security, things become more complicated when you start giving AI the ability to browse on your behalf," Sahib added.

 

Researchers at Brave discovered such a vulnerability that allows access to multi-domain accounts through malicious prompts. When the Comet assistant is asked to summarize a webpage, it feeds the page content into the AI ​​without separating the user's instructions from the text on the page. An attacker can hide instructions on a webpage to trick the AI ​​into executing commands, thereby switching to other tabs or services. The Brave team showed that a piece of code generated on a webpage can cause the Comet agent to access the user's email on a different tab.

Beyond specific vulnerabilities, security experts warn that AI agents expand the 'attack surface' for cyber intrusions. OpenAI founder and CEO Sam Altman himself has acknowledged that empowering their agents (Operators) creates new risks and significantly increases the scope of the attack vector.

Trading privacy for unfinished features.

AI browsers promise to simplify online tasks, but the reality is they're not worth sacrificing your privacy for, at least not yet. Tests show that the convenience they offer often comes at the cost of speed, reliability, and security.

 

When using Perplexity's Comet, you'll initially be impressed by the idea of ​​the browser automatically doing the searching for you. However, the experience quickly becomes frustrating. Simple tasks take much longer than if done manually. For example, the author of this article asked Comet to compare keyboard prices across different platforms. Instead of providing quick results, the process took about 5 minutes. In the same amount of time, you could perform the same search in seconds using a traditional browser.

The author also tested OpenAI's Operator, which yielded slightly better results than Comet, but was still far from perfect. AI frequently makes mistakes, and you'll find yourself questioning its responses rather than trusting them.

 

How malicious actors can easily abuse AI browsers.

Besides poor performance, the real danger lies in the fact that these browsers can be easily exploited as weapons.

A particularly alarming experiment by security firm Guardio, called 'Scamlexity', revealed how easily an AI browser can be abused. Researchers set up a fake e-commerce website and instructed Comet to purchase an Apple Watch. Remarkably, in several tests, Comet added items to his cart, then proceeded to use the user's saved credit card and payment information to attempt a purchase, sometimes without prompting for confirmation.

In another experiment, Guardio sent a phishing email impersonating Wells Fargo. Comet, having access to the user's inbox, not only opened the email but also clicked on the phishing link and offered to help send login credentials to a fake website.

"AI-powered browsers are a double-edged sword, so developers must implement sandbox mechanisms, restrict AI access to sensitive functions, and conduct counter-testing to simulate attacks. On the other hand, it's crucial for users to enable security extensions, avoid sharing sensitive data with AI tools, and demand transparency in AI processing to curb the growing wave of exploits," advises Chandrasekhar Bilugu, CTO of IT security management company SureShield.

These tests and expert advice highlight a serious problem. The very features designed to make AI browsers useful are actually the ones that pose a potential privacy and security nightmare. Until these issues are addressed with stronger safeguards, using AI browsers means relinquishing control over your sensitive data in exchange for underdeveloped functionality.