AI browsers pose significant security risks similar to a T-Rex on the loose. Learn why you should avoid them and how to protect your digital environment.
In this era of "new is better" I'm going to buck the trend and give you this advice: don't install an AI browser. Just like the T-Rex in Jurassic Park, AI browsers may sound good on paper, but it turns out they are a really, really bad idea.
(Some of you may be thinking, "what the heck is an AI browser?" so I'll touch on that and then move forward into tell you why this is a trend you should sit out for now).
What is an AI Browser?
An AI browser is a web browser with built-in AI agents that can summarize pages, remember context, and take actions on your behalf. Examples include Perplexity’s Comet, OpenAI’s Atlas, and Microsoft Edge with Copilot. These are powerful tools but they are extremely risking if compromised.
How Bad Could it be?
An AI browser can be tricked by a malicious prompt or web payload (a “prompt injection”) into acting on your behalf, sending emails, exfiltrating passwords, downloading sensitive data, or granting access tokens, without your awareness or consent.
Because these browsers have deep OS and account integrations (email, calendar, cloud files), one successful exploit could compromise your entire digital environment both personal and corporate. It’s not just reading data; it’s acting with your authority.
But don't just take my word for it, here's a few headlines from credible sources:
- AI browsers are a cybersecurity time bomb (the Verge)
- Dane Stuckey (OpenAI CISO) on prompt injection risks for ChatGPT Atlas.
- OpenAI's Atlas shrugs off inevitability of prompt injection, releases AI browser anyway.
- CometJacking: How One Click Can Turn Perplexity’s Comet AI Browser Against You.
- OpenAI’s browser, Atlas, makes the privacy and security risks of using it your problem
Here's how Gregory Mermoud, computer scientist, researcher, inventor, and professor put it:
You can take several steps right now:
- Audit your browser environment and make sure you’re using a standard browser such as Chrome, Edge, or Safari without AI-agent mode enabled.
- If you’re curious about AI-enhanced tools, speak to our security or IT team; there may be safe, sandboxed ways to experiment.
- Stay alert for phishing, links, or browser pop-ups that ask for permissions or “agent access” to your accounts or calendar. That’s exactly the kind of vector the CometJacking research highlighted.
- If you have concerns, questions, or find a potential violation of this policy, please raise it immediately.
Innovation is a powerful force, but it needs direction. As the imaginary scientist, Ian Malcolm in Jurassic Park, said: “Your scientists were so preoccupied with whether they could, they didn’t stop to think if they should.” At Metal Toad, we take that to heart, choosing progress that strengthens our integrity, our customers’ trust, and our operational security.
AI belongs inside your organization, but in a way that is supervised, contained, and auditable. Learn how to get started with GenAI with Metal Toad's GenAI Assessment today.