For decades, Google Chrome reigned as the top web browser for laptops, desktops, and mobile. However, the emergence of generative AI aims to break the mold with a new series of agentic web browsers that can complete tasks with little to no user input. While it might sound convenient to hand over your digital life, security groups are already sounding the alarm, warning that these new browsers come with huge security and privacy risks.

What is a web browser?

Let’s start with the basics. A web browser is the app on your phone, tablet, or computer that provides a window into the internet, allowing you to search Google, go to websites like Blaze News, and more. Chances are pretty high that you’re reading this article on a browser right now. The most popular browsers today include Google Chrome, Apple Safari, Microsoft Edge, and Mozilla Firefox.

What is an agentic web browser?

An agentic web browser is a typical web browser with artificial intelligence injected into the code, giving it special abilities powered by generative AI. “Agentic” means that the AI in the browser can act as an “agent” on your behalf, autonomously completing tasks on the web that you assign, kind of like a personal assistant.

Some examples of agentic tasks include researching information on Google, booking a hotel on a travel site, filling out online forms for your doctor, buying products on Amazon, and more.

This is a totally new browsing category that just emerged, and its complete list of abilities is not fully fleshed out yet. Unfortunately, even as developers race for agentic browser dominance, huge privacy and security risks make these new browsers a liability for anyone who values his personal data.

Dangers of agentic web browsers

The makers of Brave, a popular web browser that prioritizes privacy and security, were the first to point out the flaws in Comet, the new agentic browser by Perplexity. Their research detailed how a hacker could use “indirect prompt injections” to carry out a malicious attack on the user, prompting agentic AI to navigate to the user’s banking site, extract saved passwords, or steal sensitive information directly from the host PC, all without the user’s knowledge. Perplexity has since responded with its prompt mitigation plan.

Similar concerns cropped up over Atlas, the new agentic browser by OpenAI. According to Axios via antivirus software developer Malwarebytes, researchers quickly discovered that the prompt bar could be exploited to bypass safety protocols and inject instructions to carry out malicious activities. Again, these vulnerabilities allowed researchers to access important data on the host computer. OpenAI disputes these findings, claiming that ChatGPT, the AI that powers Atlas, can’t access other apps, files, or passwords.

The real problem with agentic browsers

It’s not a coincidence that the new agentic web browsers from OpenAI and Perplexity both have the same security issues. Their core designs are inherently flawed.

The problem stems from the fact that an agentic browser can complete personal tasks and manipulate private data without the user’s input or knowledge. From the moment you sign up, these browsers receive the keys to your entire digital life, and although you may provide instructions, who’s to say that the AI will always obey?

If an agentic browser can buy products for you, it can purchase the wrong ones. If it can manage your money, it can transfer your funds to a third-party bank account. If it can control your digital life, it can mismanage or even exploit your privacy. And by the time you figure out what happened, it could be too late.

Even if a hacker isn’t behind the keyboard sending out commands, there’s no guarantee that the AI itself will perform as designed. In fact, the only thing we know for sure about generative AI is that it can lie about its activities, hallucinate facts, and even teach itself new concepts all on its own.

At worst, a hacker could destroy your digital life through an agentic browser on your computer. At the very least, an agentic browser could destroy your digital life by itself. Neither option sounds great.

Word of warning

Don’t try an agentic web browser right now. They are simply not ready. Don’t download one to your device. Don’t log into one with your account. Don’t hand over your information. Stay away for as long as you can, at least until some of these vulnerabilities are sorted out, and even then, proceed with caution. Using an agentic browser is far too risky for the sliver of convenience you’ll receive in return.

An inescapable problem

Unfortunately, you can’t avoid agentic web browsers for long. Right now, you have to go out of your way to download Atlas from OpenAI or Comet from Perplexity. Soon, though, agentic browsers will be practically everywhere.

Google and Microsoft are both working on agentic features for Chrome and Edge, two of the most popular web browsers on the planet. Mozilla, the developer behind Firefox, has AI features in the pipeline, though it claims that users can turn these off. As for Apple, the company hasn’t shared any plans to give Safari an agentic upgrade, and considering how far behind Apple is with Apple Intelligence, such an upgrade looks unlikely, at least for the foreseeable future.

Agentic web browsers are an interesting — if not dangerous — gimmick that will blossom into a mass consumer product overnight. Unless developers shore up the vulnerabilities in these browsers between now and then, hackers will undoubtedly have a new, shockingly effective way to steal data, money, and more. The only way to protect yourself is to deactivate these features as they roll out, or find a browser that doesn’t support agentic AI at all.