Security Gaps in Agentic AI Browsers Highlight New Risks in Automated Online Tasks

Autonomous AI browsers are designed to handle digital tasks without human input—everything from booking flights to managing emails. But recent tests reveal a significant security shortfall: these systems can be tricked by phishing sites and fake storefronts, potentially exposing users to fraud and data theft.

New research from browser security firm Guardio shows that while agentic AI tools aim to simplify online interactions, they also inherit common weaknesses of generative AI—namely, a lack of skepticism, poor contextual judgment, and a tendency to follow instructions too literally.

In one test, researchers evaluated the Perplexity Comet browser, an AI assistant capable of performing web tasks independently. The browser was directed to purchase an Apple Watch. Instead of verifying the site’s authenticity, it completed the transaction on a fake Walmart website created by the researchers using a website generator tool. Despite obvious signs that the site wasn’t legitimate, Comet proceeded to autofill personal and payment details—completing the purchase without requesting confirmation.

The team also simulated a phishing scenario. They sent a fake email posing as a Wells Fargo investment manager, including a malicious link. Comet followed the prompt, clicked the link, and interacted with the phishing page, filling in form fields with sensitive information.

These tests illustrate a key issue: once the AI takes over, user intuition and real-time decision-making are removed from the process. Without built-in safeguards, the system can easily be exploited.
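One possible shape for the kind of safeguard these tests found missing, as an added example that is not code from Guardio or Perplexity: a check the agent runs before autofilling, which compares the page's host with the brand the user asked for and requires the user's approval for sensitive fields. The brand-to-host map, the field names and the function names are hypothetical.

```javascript
// Added example: a pre-autofill gate for a browsing agent (hypothetical names).
// Assumption: the agent knows which brand the user asked for and holds a
// vetted map from brand to the hosts that brand really operates.
const TRUSTED_HOSTS = new Map([            // constructed sample data
  ["walmart", ["walmart.com"]],
  ["wells fargo", ["wellsfargo.com"]],
]);
const SENSITIVE = new Set(["card_number", "cvv", "password", "ssn", "address"]);

// True when host is the trusted domain itself or a subdomain of it.
// "walmart.com.shop-deals.example" and "evilwalmart.com" both fail this test.
function hostMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Decide what the agent may do with a form found at pageUrl.
// Returns { action: "fill" | "confirm" | "block", reason }.
function autofillDecision(intendedBrand, pageUrl, fieldNames) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return { action: "block", reason: "unparseable URL" };
  }
  const sensitive = fieldNames.filter((f) => SENSITIVE.has(f));
  if (sensitive.length === 0) {
    return { action: "fill", reason: "no sensitive fields" };
  }
  if (url.protocol !== "https:") {
    return { action: "block", reason: "sensitive fields over non-HTTPS" };
  }
  // url.hostname ignores any "user@" prefix, so "walmart.com@evil.example"
  // is judged by its real host, "evil.example".
  const host = url.hostname;
  const trusted = TRUSTED_HOSTS.get(intendedBrand.toLowerCase()) ?? [];
  if (!trusted.some((d) => hostMatches(host, d))) {
    return { action: "block", reason: `${host} is not a known ${intendedBrand} host` };
  }
  // Even on the right host, payment data and credentials wait for the user.
  return { action: "confirm", reason: `user must approve: ${sensitive.join(", ")}` };
}
```

The gate fails closed: an unknown brand, an unparseable URL or a lookalike host all block the fill instead of falling back to the agent's own judgment.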

While AI browsers are still in early development, their growing capabilities—and potential integration into critical workflows—raise concerns about long-term implications. Guardio emphasizes that developers need to prioritize security features in addition to functionality.

The researchers explain that current models lack adequate guardrails. As these tools become more integrated into everyday online activity, the potential cost of misplaced trust could become increasingly significant.

The findings underscore the need for more robust controls and safety tools before AI agents are widely adopted for autonomous browsing.