Skip to content Skip to main navigation Report an accessibility issue
Information Security

Agentic AI Browsers and Associated Risks


Unlike traditional browsers, which rely on user clicks and keystrokes, Agentic AI browsers integrate autonomous agents into the browsing experience. These tools interpret natural language commands and are capable of executing multi-step tasks across websites.

Popular AI Browser examples include:

  • Comet by Perplexity
  • ChatGPT Atlas by OpenAI
  • Dia by The Browser Company
  • Fellou, Sigma, and Opera Neon

These browsers aim to boost productivity by automating tasks like booking appointments, comparing products, or summarizing documents. But they also introduce new attack surfaces and data exposure risks.

Top Security Risks

  1. Prompt Injection Attacks
    Malicious actors can embed hidden instructions in web content using techniques like HTML comments or invisible text. These hidden elements may bypass security controls and be misinterpreted by AI agents as legitimate commands. As a result, the AI could perform unauthorized actions, such as submitting forms, changing account settings, or extracting sensitive data, including emails, one-time passwords (OTPs), and login credentials.
  2. Overexposure of Sensitive Data
    Agentic browsers often require broad access to user data, including emails, calendars, contacts, and browsing history. Without strict boundaries, this data can be misused or leaked.
  3. Loss of User Agency
  4. AI agents may act on predictive patterns rather than explicit consent, potentially violating privacy laws.

Best Practices for Safe Agentic Browsing

  1. Use Logged-Out Mode
    Limit the AI’s access to authenticated sessions. Only log in manually when necessary.
  2. Disable Browser Memory Features
    Avoid enabling memory or personalization features that store sensitive browsing data.
  3. Monitor Agent Activity
    Never leave an AI agent running unattended. Always supervise its actions, especially on sensitive platforms.
  4. Use Least-Privilege Accounts
    For testing or automation, use accounts with the least access to minimize potential damage.
  5. Review Privacy Policies
    Select browsers that have transparent data handling practices and local processing options.
  6. Separate Browsing Contexts
    Consider using different browsers for agentic tasks that require agency and sensitive activities (e.g., banking, healthcare).
  7. Use UT Verse for Non-Agentic Tasks
    Consider using UT Verse for workloads that don’t require an agentic browser.

The flagship campus of the University of Tennessee System and partner in the Tennessee Transfer Pathway.