Analysts state that next-generation “agentic browsers” increase the risk of data leakage and credential theft due to their autonomous action capabilities. Sensitive company information sent to the artificial intelligence behind these browsers creates a major danger. Leading market analysis firms like Gartner have issued a significant warning that these new-generation AI-powered browsers, referred to as “agentic browsers,” are too risky for most organizations to use.
In a report published last week titled “Cybersecurity Should Block AI Browsers for Now,” the firm notes that default AI browser settings prioritize user experience rather than security.
Defining the Risks of Agentic Browsers
When defining these AI browsers, analysts include tools possessing:
- An AI Side Panel that offers users the ability to summarize or translate web content using AI services provided by the browser developer.
- Agentic Action Capabilities that allow the browser to navigate websites autonomously and complete tasks, particularly within authenticated web sessions.
Gartner’s document warns that AI side panels pose a serious data risk. Sensitive user data, such as active web content, browsing history, and open tabs, is frequently sent to a cloud-based AI back-end. This situation increases the risk of data leakage unless security and privacy settings are managed centrally.
Vulnerabilities and Agentic Threats
Gartner’s concerns regarding agentic capabilities stem primarily from these browsers being vulnerable to various threats. The biggest dangers include:
- Fraudulent agent actions resulting from indirect prompt injection.
- Erroneous agent actions resulting from hallucinations (faulty reasoning).
- Misuse of credentials if the AI browser is autonomously redirected to a phishing website.
The authors believe that employees using AI browsers to automate mandatory or repetitive tasks carries certain risks. For instance, an employee might instruct the AI to complete mandatory cybersecurity training. A more concrete scenario involves agentic browsers being used in internal company procurement tools; in this case, Large Language Models (LLMs) could make errors resulting in consequences like ordering the wrong office supplies or booking the wrong flight.
Blocking and Preventive Measures
To mitigate these risks, Gartner states that the back-end AI services powering an AI browser must first be examined to understand if their security measures present an acceptable risk for the organization. If the back-end AI is approved, organizations should still teach users to ensure that highly sensitive data is not active in the browser tab while using the side panel for summarization or other autonomous actions.
However, if it is decided that the back-end AI is too risky, Gartner advises blocking users from downloading or installing AI browsers.
Additionally, they suggest using settings to prevent agentic browsers from performing certain actions, such as sending emails, and utilizing settings that ensure AI browsers do not store data. In general, analysts believe that AI browsers are too dangerous to use without first conducting a risk assessment. Even after this assessment, they note that organizations will likely face a long list of prohibited use cases and a continuous auditing task to enforce these policies.
You Might Also Like;
- The Mystery of the Far Side: What Is Hiding in the Lunar Shadows? | Metaverse Planet
- The Doomsday Clock Hits 85 Seconds to Midnight: Are We Out of Time?
- Nvidia’s AI Can Now Predict the Future (Of Weather)
-
-
-
-
-
-
-
-
-
-
-
-
