Gartner has recommended that enterprises block use of AI browsers until the associated risks can be adequately managed.
The analyst firm made the suggestion in a new report, Cybersecurity Must Block AI Browsers for Now.
The report authors warned that “default AI browser settings prioritize user experience over security,” pointing to several risky scenarios. These include:
- Indirect prompt injection via rogue agents
- Erroneous agent actions due to “inaccurate reasoning”
- Loss and abuse of credentials, if a browser is tricked into visiting to a phishing site
- Employees dodging cybersecurity training by telling their AI browser to complete sessions on their behalf
- Agents making expensive but incorrect corporate purchases, e.g., booking the wrong flights
- Loss of sensitive corporate data to the cloud, where it is processed by AI services
“Eliminating all risks is unlikely – erroneous actions by AI agents will remain a concern,” the report warned.
“Organizations with low risk tolerance may need to block AI browsers for the longer term.”
Read more on AI browsers: Why we Need to Manage the Risk of AI Browser Extensions
Researcher Warnings
Gartner’s warnings are the latest in a string of reports urging enterprises to treat AI browsers with caution.
In October, a SquareX study identified prompt injection, malicious workflows, malicious downloads and trusted app misuse as potential architectural weaknesses in browsers like Perplexity’s Comet and ChatGPT’s Atlas.
A month later, Cato Networks revealed “HashJack,” a new vulnerability capable of weaponizing legitimate websites to manipulate browsers. Attackers would simply embed malicious fragments of code in a real website’s URL, to instruct AI browsers to return misinformation, phishing links and even exfiltrate user data.
KnowBe4 lead security awareness advocate, Javvad Malik, argued that AI browsers have introduced a new tension in cybersecurity by forcing users to assess the tradeoff between productivity and security risk.
“While agentic browsers promise many features to enhance user experience, we are still in early stages where the risks are not well understood and default configurations prioritize convenience over security, something we see in many technologies,” he added.
“However, blanket bans are rarely sustainable long-term strategies. Instead, the focus should be on risk assessments that evaluate the specific AI services powering these browsers. This can allow for measured adoption while maintaining necessary oversight.”
Organizations should develop playbooks to “assess and protect AI agents” in line with their corporate risk appetite, he concluded.
Image credit: Samuel Boivin / Shutterstock.com
