- Gartner has warned organizations to block browsers with AI
- AI browsers can threaten data, leak financial information and transmit credentials
- Employees could use AI browsers to complete cybersecurity training
Analyst firm Gartner has advised organizations to block the use of AI browsers, warning of the possibility of data exposure or autonomous actions taken by agent browsers on malicious websites.
The main observation made by VP of Research Dennis Xu, Senior Director Analyst Evgeny Mirolyubov, and VP Analyst John Watts was that “the default AI browser settings prioritize user experience over security.”
AI browsers, such as OpenAI’s ChatGPT Atlas, are often used to increase efficiency by using autonomous navigation, workflows, and data collection, but can be tricked by malicious web pages into collecting and transferring sensitive information such as bank account details, credentials, and emails.
“Happy to hack you 🙂”
Gartner analysts summarized a browser agent to include two key features:
- The ability to interact with web content using the developer’s artificial intelligence model, offering features such as content summarization, data collection, translation and search capabilities.
- The ability to autonomously complete tasks on websites, especially within authenticated sessions.
Many agent browsers do not allow the use of AI functions within an on-premises LLM, meaning that user data, ranging from web content to browsing history and open tabs, “is often sent to the cloud-based AI backend, increasing the risk of data exposure unless security and privacy settings are deliberately hardened and managed centrally.”
Ultimately, it is up to each individual organization to conduct an assessment of AI Browser back-end services to see if they comply with an organization’s cybersecurity and data protection policies. But even if they are approved, they can still be used in a way that presents greater risks to the organization.
In this case, the user himself can provide the browser with an unnecessary amount of sensitive information simply by having sensitive data open in the same web browser window while using the browser’s AI assistant.
Additionally, because agent browsers can complete actions autonomously, Gartner warns that employees could be “tempted to use AI browsers and automate certain tasks that are mandatory, repetitive, and less interesting,” such as cybersecurity training.
Gartner suggests that organizations that continue to use agent browsers should “educate users that anything they are viewing could be sent to the back-end of the AI ​​service to ensure they do not have highly sensitive data active in the browser tab while using the AI ​​browser sidebar to summarize or perform other autonomous actions.”
Commenting on Gartner’s advisory, Javvad Malik, senior security awareness advocate at KnowBe4, said:
“AI features have introduced tension into cybersecurity, requiring people to evaluate the balance between productivity and security risks. While agent browsers promise many features to improve the user experience, we are still in the early stages where the risks are not well understood and default settings prioritize convenience over security, something we see in many technologies.”
“However, blanket bans are rarely sustainable long-term strategies. Instead, the focus should be on risk assessments that evaluate the specific AI services that power these browsers. This can allow for measured adoption while maintaining necessary oversight. As we find more and more AI agents making their way into all aspects of the technology, organizations need to have guidance in place to assess and protect AI agents, and allow them to work within the organization according to their own needs and appetite for risk”.
Through The Registry
The best business laptops for every budget
