The glaring security risks with AI browser agents

Summary

New AI-powered web browsers such as OpenAI’s ChatGPT Atlas and Perplexity’s Comet are trying to unseat Google Chrome as the front door to the internet for billions of users. A key selling point of these products are their web browsing AI agents, which promise to complete tasks on a user’s behalf by clicking around on websites and filling out forms. But consumers may not be aware of the major risks to user privacy that come along with agentic browsing, a problem that the entire tech industry is trying to grapple with. Cybersecurity experts who spoke to TechCrunch say AI browser agents pose a larger risk to user privacy compared to traditional browsers. They say consumers should consider how much access they give web browsing AI agents, and whether the purported benefits outweigh the risks. To be most useful, AI browsers like Comet and ChatGPT Atlas ask for a significant level of access, including the ability to view and take action in a user’s email, calendar, and contact list. In TechCrunch’s testing, we’ve found that Comet and ChatGPT Atlas’ agents are moderately useful for simple tasks, especially when given broad access. However, the version of web browsing AI agents available today often struggle with more complicated tasks, and can take a long time to complete them. Using them can feel more like a neat party trick than a meaningful productivity booster. Plus, all that access comes at a cost. The main concern with AI browser agents is around “prompt injection attacks,” a vulnerability that can be exposed when bad actors hide malicious instructions on a webpage. If an agent analyzes that web page, it can be tricked into executing commands from an attacker. Without sufficient safeguards, these attacks can lead browser agents to unintentionally expose user data, such as their emails or logins, or take malicious actions on behalf of a user, such as making unintended purchases or social media posts. Prompt injection attacks are a phenomenon that has emerged in recent...