A new report by security researchers at SquareX Labs has identified several architectural security weaknesses in AI browsers, including Perplexity’s Comet.
The findings suggest that as browsers adopt artificial intelligence to automate user tasks, they may also introduce new forms of cyber-risk.
A New Generation of Browsers
AI browsers are designed to integrate AI assistants directly into the browsing experience, allowing users to search, summarize and even perform online actions through natural-language prompts.
Since Perplexity launched Comet in July, other companies – among them OpenAI, The Browser Company and Fellou AI – have followed with similar products. Major platforms such as Chrome and Edge have also outlined plans to add AI-driven capabilities.
According to SquareX, the growing use of AI browsers could mark a significant change in how people and organizations interact with the web.
However, the report notes that current browser architectures may not yet account for the security challenges posed by autonomous AI behavior.
Four key challenges
SquareX categorized the security issues into four main areas:
-
Malicious workflows: AI agents can be deceived by phishing or OAuth-based attacks that request excessive access permissions, potentially exposing email or cloud storage data
-
Prompt injection: Attackers may embed hidden instructions within trusted apps such as SharePoint or OneDrive, prompting AI agents to share data or insert harmful links
-
Malicious downloads: AI browsers can be directed to download disguised malware through manipulated search results
-
Trusted app misuse: Even legitimate business tools can be used to deliver unauthorized commands through AI-driven interactions
Toward Stronger Safeguards
SquareX researchers emphasized that securing AI browsers will require collaboration between browser developers, enterprises and security vendors.
They observed that existing tools like SASE and EDR solutions have limited visibility into AI browser behavior, making it difficult to detect when actions are performed by an automated agent rather than a human user.
To mitigate these risks, the report recommends several steps:
-
Establishing agentic identity systems to differentiate between user and AI actions
-
Implementing data loss prevention (DLP) policies within browsers
-
Adding client-side file scanning to detect malicious downloads
-
Conducting extension risk assessments to identify unsafe or compromised add-ons
SquareX concluded that as AI capabilities become a standard part of web browsing, building security directly into these systems will be essential to prevent unintentional exposure of sensitive data.
Image credit: gguy / Shutterstock.com
