Analyst company Gartner has issued a recommendation to block AI-powered browsers to help organizations protect business data and cybersecurity. The company says most of these agentic browsers—browsers using autonomous AI models for interacting with web content and automating tasks by default—are designed to provide good user experiences at the cost of compromising security.
These, the company warns, may leak sensitive information, such as credentials, bank details, or emails, to malicious websites or unauthorized parties. While browsers like OpenAI's ChatGPT Atlas can summarize content, gather data, and automatically navigate users between different websites, the cloud-based back ends commonly used by such browsers handle and store user data, leaving it exposed unless their security settings are carefully managed and appropriate measures implemented.
What Gartner analysts mean here is that agentic browsers can be deceived into collecting and sending sensitive data to unauthorized parties, especially when workers have confidential data open in browser tabs while using an AI assistant. Furthermore, even if the backend of a browser conforms to the cybersecurity policies of a firm, improper use or configuration may turn the situation very risky.
The analysts highlight that in all cases, the responsibility lies squarely with each organization to determine the compliance and risks involved with backend services for any AI browser. Besides, Gartner cautions that workers will be tempted to automate mundane or mandated activities, such as cybersecurity training, with the browsers, which could circumvent basic security protocols.
Safety tips
To mitigate these risks, Gartner suggests organizations train users on the hazards of exposing sensitive data to AI browser back ends and ensure users do not use these tools while viewing highly confidential information.
"With the rise of AI, there is a growing tension between productivity and security, as most AI browsers today err toward convenience over safety. I would not recommend complete bans but encourage organizations to perform risk assessments on specific AI services powering the browsers," security expert Javvad Malik of KnowBe4 commented.
Tailored playbooks for the adoption, oversight, and management of risk for AI agents should be developed to enable organizations to harness the productivity benefits of AI browsers while sustaining appropriate cybersecurity postures.