Elad Schulman.
Opinion

AI browsers: The next big thing, and a big new risk

AI-powered smart browsers offer a personalized and advanced browsing experience, but they also pose serious security risks. Elad Schulman, Co-Founder and CEO of Lasso Security, explains how and what you can do to stay safe online. 

The way we search and browse the internet is changing rapidly. AI-powered browsers now let users perform complex tasks with large language models (LLMs): summarizing content, autofilling forms, and even interacting with websites in natural language. This shift has the potential to dramatically boost productivity for individuals and organizations, turning every search into an intelligent workflow.
Two types of AI browsers are emerging: traditional browsers like Chrome or Safari that integrate AI features, and entirely new ones such as Perplexity’s Comet or Opera, built from the ground up with AI agents. Either way, browsers, already central to our daily lives and work, are undergoing a true revolution.
Elad Schulman.
(Photo: Sharon Gedasi)
But new risks are rising alongside these capabilities. Unlike traditional browsers, browsers with built-in AI agents can scan pages, summarize content, and take actions on a user’s behalf. Because these agents run on the same technology as GenAI-powered chatbots like ChatGPT, they also inherit the same vulnerabilities, such as hallucinations, prompt injection, data leakage and more. Without proper guardrails, an AI agent could perform unwanted, or malicious, actions without the user noticing.
The dangers are not theoretical. In new research from Lasso Security, Identity Mesh, we found vulnerabilities where AI agents embedded in browsers could exploit organizational information through supply chain weaknesses involving multiple tools. For example, by injecting malicious prompts into one platform, an attacker could trick the agent into executing multi-step actions in another, without the agent ever recognizing the malicious intent.
What makes the Identity Mesh vulnerability particularly dangerous is the unique role of the browser. By design, browsers maintain authenticated sessions across multiple origins, giving agents the same privileges a user has across all web applications. When the agent takes action, those actions appear to originate from the legitimate user, making them difficult to distinguish from normal activity. Even worse, the entire attack chain executes seamlessly within standard browser workflows, slipping past traditional security monitoring. Since these agents often operate in a “YOLO mode,” acting without sufficient verification, they can easily be manipulated into carrying out malicious commands under the guise of trusted user activity.
AI browsers and agents hold enormous promise, but they also demand strict security boundaries, continuous monitoring, and robust protection of personal and organizational identities. As our research shows, without strong guardrails, the same technology that makes browsing smarter could also make it far riskier.
Elad Schulman is the Co-Founder and CEO of Lasso Security.