SquareX has released research identifying serious vulnerabilities in AI-powered browsers that could allow attackers to compromise sensitive enterprise data and systems.

The research focuses on the capability of AI browsers to autonomously complete tasks, highlighting weaknesses that make such browsers susceptible to various forms of cyberattacks, including OAuth attacks, malware downloads, and the distribution of malicious links.

Vulnerabilities were specifically demonstrated against Comet, one of the current AI browsers on the market. According to SquareX, attackers were able to manipulate Comet in several scenarios, leading to significant security breaches.

Security risks detailed

One major avenue of attack identified was the exploitation of Comet through OAuth, a widely used authorisation protocol. In this case, the AI browser, while tasked with completing a research activity, inadvertently granted attackers full access to the victim’s email and Google Drive accounts. This resulted in exposure of all files stored on the account, including those shared by colleagues and customers.

Another incident involved Comet performing automated tasks within a user’s inbox, a use case actively promoted by Comet itself. During this task, Comet sent a malicious link to the victim’s colleague via a calendar invite, potentially opening the door to further malware infections or phishing attacks within an enterprise environment.

Further tests revealed that the AI browser could be deceived into downloading known malware strains, as well as sending sensitive business files directly to external attackers via email. These findings highlight how AI-driven automation within browsers can be systematically abused by adversaries who trick the AI into enacting harmful workflows.

AI browser adoption and security preparedness

The rapid increase in enterprise adoption of AI browsers from companies such as OpenAI, Microsoft, Google, and The Browser Company underscores the growing risk posed by these vulnerabilities. Chrome and Edge together represent approximately 70% of the global browser market, making it highly probable that AI-driven browsers will become the predominant means of Internet use among both consumers and businesses.

“Just like any AI Agent, AI Browsers are trained to complete tasks, not to be security aware. This makes it trivial for attackers to trick browsers like Comet into performing malicious tasks, by convincing them that it is a necessary part of the workflow they are completing. With two major consumer browsers publicly announcing their entry to the AI Browser race, it is inevitable that AI Browsers will be the primary way we interact with the internet in the future. Without the right browser-native solution that can implement guardrails on these AI Browsers that take into account agentic identity and agentic DLP, millions of users will be at risk,” warns Vivek Ramachandran, Founder of SquareX. 

Traditional endpoint detection and response (EDR) systems, as well as secure access service edge (SASE) and secure service edge (SSE) solutions, do not possess sufficient visibility into browser activity to differentiate actions performed by the AI agent from those initiated by a human user. Both types of requests appear identical from a network perspective, hampering organisations’ ability to identify and control AI-specific browser activity.

The research recommends browser-native security solutions capable of distinguishing between human and agentic behaviour in order to implement effective data protections and policy controls.

Industry voices on AI browser security

“Browsers have always been our universal gateway to the internet. AI browsers are the next logical step where instead of simply displaying information, the browser acts autonomously on our behalf. The trade off? Where we were once firmly in the driving seat, AI browsers will push us to be passengers,” commented Stephen Bennett, Group CISO at Domino’s Pizza Enterprises Ltd.

SquareX’s findings suggest that as enterprises rely increasingly on autonomous browsing and AI-driven automation, technical and policy safeguards must keep pace. Close collaboration between security vendors, browser providers, and enterprise IT departments is recommended to ensure robust protection frameworks are developed and deployed before further large-scale adoption of AI browsers occurs.

The research cautions organisations against relying exclusively on legacy security solutions when defending against threats introduced by AI-powered browsing behaviour, and calls for urgent industry engagement to address these evolving risks.