AI Browsers Pose Cyber Risks: UW Study Finds Data Vulnerabilities

New research from the University of Washington finds that some AI web browsers come with significant cybersecurity risks. A study of seven popular agentic browsers found that four of them can bypass a fundamental security rule called the "same-origin policy." This policy normally prevents different websites open in your browser from interacting with each other's information. Researchers successfully demonstrated a cyberattack on one browser, ChatGPT Atlas, where one website stole information from another embedded within it. Similar attack conditions were found in Chrome with Gemini, Claude for Chrome, and Perplexity Comet. What's interesting is that browsers giving AI agents fewer permissions were generally safer. Co-senior author David Kohlbrenner states that these browser agents are not ready for the public, warning that even savvy users should not trust these systems to protect sensitive information like email or bank accounts. This matters because using these browsers could expose your personal data to cyberattacks.