The rise of AI-powered web browsers like Fellou and Perplexity’s Comet is being hailed as the next step in internet innovation — but cybersecurity experts caution that these smart browsers may pose serious threats to enterprise security.
Touted as digital assistants for the web, AI browsers can summarize pages, automate research, and even act autonomously on online content. The promise is faster workflows and seamless integration of AI into daily browsing. Yet, new research suggests that the same autonomy that makes these tools appealing also opens dangerous vulnerabilities.
Hidden Attacks Behind Everyday Websites
Security analysts have discovered that AI browsers are highly susceptible to indirect prompt injection attacks — a sophisticated technique where malicious instructions are hidden within websites, text, or even images. When an AI browser processes these embedded commands, it can be tricked into performing unintended actions, often using the user’s credentials and access level.
In one test, researchers demonstrated how a hidden text command inside an image could instruct an AI assistant to interact with sensitive assets such as corporate emails or financial dashboards. Another scenario showed how an AI browser could be manipulated to perform unauthorized actions without the user’s knowledge.
This type of attack effectively turns the AI browser into an insider threat, bypassing traditional cybersecurity barriers like firewalls and same-origin policies. Because these actions are executed within a user’s trusted session, they can go undetected for long periods.
When Automation Meets Exposure
The danger lies in the AI browser’s design: it merges live web data with user queries through a large language model (LLM). If the model can’t distinguish between safe and malicious input, it can inadvertently access or act on data not intended by the user.
For organizations that depend on data segmentation and access control, a compromised AI browser represents a worst-case scenario. It can mimic legitimate user actions, trigger token exchanges, or access secure cookies—creating a direct pathway for data theft or misuse.
What IT Leaders Should Know
Experts are urging companies to treat AI browsers as they would any unauthorized third-party software. While IT departments can often block installations, the challenge is that mainstream browsers like Google Chrome and Microsoft Edge are already integrating AI capabilities such as Gemini and Copilot. These features may soon include autonomous “agentic” behaviors, increasing the urgency for proper governance.
To mitigate risk, security teams should demand that future AI browsers include:
- Prompt isolation: Separate user intent from web content before generating prompts.
- Gated permissions: Require explicit user approval before executing autonomous actions like navigation or data retrieval.
- Sandboxing: Disable AI functions in sensitive areas such as HR, finance, or internal dashboards.
- Governance integration: Align AI browser actions with enterprise security policies and maintain traceable logs of AI activity.
So far, no browser vendor has successfully implemented full safeguards to distinguish between genuine user commands and injected prompts.
A Wake-Up Call for the Enterprise
AI browsers may represent the next evolution of web interaction, but for now, they carry the same risks as dormant malware — intelligent, helpful, and potentially uncontrollable. Until better safeguards are in place, enterprises are advised to proceed with caution.
As major browser developers race to embed AI into their platforms, continuous monitoring and strict oversight will be crucial. The convenience of autonomous browsing must not come at the cost of corporate data security.
