AI-powered browser agents promise to transform how we search, shop and work online by acting directly on our behalf.


Browser agents are set to transform the way we use the internet, fundamentally changing the way we search for information and work online.

For anyone not up to speed, the term covers a new generation of web browsers built on agentic AI, capable of “seeing” our screens and taking control to carry out tasks on our behalf.

But there’s a big question mark over their safety. After all, if browsers like ChatGPT Atlas and Perplexity Comet can open websites, fill in details, read emails and even make purchases, how can we be sure they’ll always work in our best interests?

Even if we leave aside for the moment the issue of AI hallucination (the fact that AI often makes things up, or acts in ways that we can’t even understand), is there a risk that malicious actors can influence its behavior and persuade it to cause us harm?

The fact is, this technology is very new, and no one is really certain exactly how far the risks go. But experts are already urging extreme caution and highlighting several serious threats it could pose.

So, let’s take a look at the question of just how safe it is, and if we are going to use it, what steps we can take to keep ourselves as well protected as possible.

The Risks

One risk that’s frequently cited by those highlighting safety concerns around agentic browsing is prompt injection.

In simple terms, this is when someone with bad intentions hides instructions in a website or its code. Because browser agents work by reading and understanding websites, in some circumstances they can be tricked into following those hidden instructions as if they had come from the user.

This could involve sending information to a malicious website, divulging personal information that it can access, or downloading and installing malware.

Research published by the developers of the privacy-focused browser Brave found that malicious instructions can be hidden in images and interpreted by browsers as commands to take action.

Another risk is more fundamental still to the way browser agents operate: in order to work on your behalf, they often have to assume your identity. This means being able to authenticate as you to access services or make purchases.

So much of our lives is now carried out online (banking, shopping and interacting with government services, for example) that there’s very little that someone with access to our entire digital footprint couldn’t do.

Every new tool, platform or website that we give permission to access our data brings us convenience. But it also increases the “blast radius” if something goes wrong.

Here, a malicious actor isn’t even needed for something to go wrong. A misconfigured agent or many other forms of human error would be more than enough to cause damage.

And as well as human error, there’s also machine error to worry about, including the infamous AI hallucinations.

Anyone who’s used ChatGPT or similar tools will know that it’s not at all uncommon for it to confidently state “facts” and make assertions that have little or no basis in reality. No, humans aren’t perfect either, and AI is usually more than happy to admit its mistakes and correct itself when we pick up on its failings.

But until we can be certain it won’t act with the same misplaced self-assuredness when it’s deciding who to share our data with, or where to spend our money, it’s probably best not to give it the chance to make mistakes in the first place.

How To Stay Safe

Once you understand the risks, if you still want to experiment with browser agents, here are some steps everyone should take to minimize the chances of coming to harm.

Firstly, be aware of the permissioning environment of your chosen agentic browser. They’re all different, and the methods for allowing and restricting what they can access, see and do are frequently changing. But before taking a single step into the world of agentic browsing, be sure to fully understand how to control this.

At this stage, there’s no way I would recommend giving a browser agent (most of which are still experimental releases) access to any sort of sensitive data, such as letting it log into your banking or email accounts.

Next, work out how to monitor the activity of the agentic browser. Most provide readouts and logs of the actions they’re taking — keep an eye on these and revoke permissions immediately if you see them making unusual site visits or sharing data in ways you don’t understand.

As well as the agent itself, remember to carefully monitor the permissions of any browser extensions you have installed, since agentic functions in the browser may be able to “see” whatever those extensions can see.

Consider creating new, sandboxed accounts for tools like email or cloud services like Google Docs and Microsoft 365. This way, you can evaluate how well they work with browser agents without risking giving them access to your real accounts.

And finally, stay up to date with the latest security announcements regarding data breaches, vulnerabilities and audits. This is a landscape that’s changing quickly, and following community research via platforms like Have I Been Pwned, Krebs On Security and The Register is a good idea.
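The monitoring step above (watch the agent’s action log, and revoke permissions if it visits unusual sites or shares data in ways you don’t understand) can be partly automated. The following is an added example, not code from the article or from any browser vendor; it assumes a constructed JSON-lines log format and an allowlist of hosts the user intended the agent to use, and flags off-allowlist visits, sensitive form fields and file downloads for a human to review.

```python
import json
from urllib.parse import urlparse

# Constructed sample of an agentic-browser action log in JSON-lines form.
# The field names are an assumption for this example; real agents use
# their own log formats, so adapt the parsing in review_log() to yours.
SAMPLE_LOG = """\
{"ts": "2025-01-10T10:00:01Z", "action": "navigate", "url": "https://www.example-shop.test/cart"}
{"ts": "2025-01-10T10:00:04Z", "action": "fill", "url": "https://www.example-shop.test/checkout", "field": "email"}
{"ts": "2025-01-10T10:00:09Z", "action": "navigate", "url": "https://unknown-collector.test/submit?d=abc"}
{"ts": "2025-01-10T10:00:11Z", "action": "fill", "url": "https://unknown-collector.test/form", "field": "card_number"}
{"ts": "2025-01-10T10:00:15Z", "action": "download", "url": "https://cdn.example-shop.test/invoice.pdf"}
"""

# Hosts the user intended the agent to work with for this task (assumed).
ALLOWED_HOSTS = {"example-shop.test"}

# Form fields whose submission anywhere deserves a second look (assumed list).
SENSITIVE_FIELDS = {"password", "card_number", "cvv", "ssn", "otp"}


def host_allowed(host, allowed=ALLOWED_HOSTS):
    """True if host equals an allowed host or is a subdomain of one."""
    host = host.lower()
    return any(host == a or host.endswith("." + a) for a in allowed)


def review_log(log_text, allowed=ALLOWED_HOSTS):
    """Return (line_no, reason, url) findings for a human to act on."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        ev = json.loads(line)
        host = urlparse(ev["url"]).hostname or ""
        off_list = not host_allowed(host, allowed)
        if ev["action"] == "navigate" and off_list:
            findings.append((n, "visit to host outside allowlist", ev["url"]))
        elif ev["action"] == "fill":
            field = ev.get("field", "").lower()
            if field in SENSITIVE_FIELDS:
                findings.append((n, f"sensitive field '{field}' filled", ev["url"]))
            elif off_list:
                findings.append((n, "data entered on host outside allowlist", ev["url"]))
        elif ev["action"] == "download":
            # Downloads are always surfaced: a dropped file is one of the
            # outcomes of the prompt-injection scenario described above.
            findings.append((n, "file download", ev["url"]))
    return findings


if __name__ == "__main__":
    for line_no, reason, url in review_log(SAMPLE_LOG):
        print(f"line {line_no}: {reason}: {url}")
```

Any finding is a cue to pause the agent and check the permissions it was granted, rather than something to act on automatically.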

A Brave New World?

Browser agents are very new, and it’s fair to say that their risks and opportunities aren’t yet fully understood.

Until comprehensive, external security audits are available, it’s clearly better to err on the side of caution.

It also has to be said that you shouldn’t expect miracles yet, and the technology is still very experimental.

It’s cool telling an agent what to do and watching it whizz off around the internet, gathering information and interacting with online services. But right now, you’re likely to find that you get better and more accurate results working manually, particularly with more complex tasks.

There’s really only one reason to fire up one of these flashy new agentic browsers today, and that’s to glimpse what the future holds. As long as you take the necessary precautions, it’s a safe and fascinating experience.