AI-powered web browsers such as OpenAI's ChatGPT Atlas and Perplexity's Comet are expected to become major rivals to Google Chrome.
With the ability to browse the web on behalf of users, click, fill in forms or automatically find information, these browsers promise to open a new era of the Internet.
However, cybersecurity experts warn that along with that convenience comes a serious security risk that users have not fully anticipated.
To operate effectively, browsers such as Atlas or Comet require in-depth access to the user's system, including email, work schedule and contacts.
In TechCrunch's experiment, these tools proved useful in handling simple tasks, but still struggled with complex requirements.
Some experts say that allowing AI to operate completely on personal data is no different from giving a digital home key to a stranger.
"The browser is doing everything for you, which is basically dangerous," said Shivan Sahib, senior engineer at Brave.
The biggest threat comes from so-called prompt injection attacks, in which attackers hide malicious commands on a website, causing the AI to misinterpret them and execute the dangerous instructions itself.
The consequences can be personal data leakage, illegal transactions, or even posts and messages sent automatically without the user's knowledge.
According to Brave, this is a systemic challenge that every AI browser faces. Not only Comet, but also OpenAI's ChatGPT Atlas is struggling with this problem.
Dane Stuckey, Director of Information Security at OpenAI, admitted that the malicious command vulnerability is still a risk with no final solution and the fix will require a lot of time, effort and resources.
To minimize risks, OpenAI has implemented a logged-out mode, in which AI agents do not log into user accounts when browsing the web, while Perplexity is developing a real-time attack detection system. However, researchers believe that these are only temporary solutions.
Steve Grobman, Chief Technology Officer of McAfee, said: "This is a cat-and-mouse game. Approaching and defending techniques are constantly changing, and there are no really solid fences. Code entry techniques are now more sophisticated, even hidden in images containing malicious data."
Rachel Tobac, CEO of SocialProof Security, recommends that users:
- Use a separate password and multi-factor authentication for the AI browser account.
- Limit ChatGPT Atlas and Comet's access to sensitive data.
- Keep bank, healthcare, or work accounts separate from these test browsers.
According to Ms. Tobac: "AI browser technology is still in its youth. Let them mature for a while before you let AI completely control your online world."