Are AI browsers a golden opportunity for business or a cybersecurity waiting to happen?

It feels as if nothing in the world of technology is truly free from the influence of AI, generative AI especially.

Last year gave rise to the first cohort of AI browsers – a new battleground for AI dominance. Simply put, AI is integrated into web browsers so users can benefit from features like article summaries, automation, and increased personalization.

But as with any new tool, cyber criminals are rubbing their hands with glee over a new avenue by which they can terrorize users and put them at risk. Threats like prompt injection, especially, are prevalent.

Enterprises may therefore be asking whether these new tools can unlock additional productivity gains or whether the risks, many of which might not have yet been realized, outweigh these early benefits. With AI browsers having only just emerged, do they have a place in business?

What are AI browsers and how useful are they?

AI browsers may seem like an inevitability in the age of AI; why use separate AI agents or digital assistants for internet-facing work when you can use a single application that integrates the best of all worlds?

Examples of strong use cases, according to cybersecurity and AI analyst at Keirstone Limited Francis Fabrizi, include not just searching for keywords but looking across all open tabs and synthesizing information. For example, AI browsers can offer time-savings in the form of instant summaries of long meetings or even "agentic" capabilities like booking travel within company policy.

"The real draw of AI browsers for professionals is that they stop being just a window to the web and start acting like a digital assistant that understands context," he tells ITPro. "For a business, this means getting through "drudge work" significantly faster which is why the adoption rate is so high.”

For Rob T Lee, chief of research and chief AI officer at SANS Institute, the appeal is "watching the browser do your job while you drink coffee".

"These agents can [literally] take over your active tab and execute tasks," he says. "Open Wordle, tell the AI to solve it, and watch it physically click the keys while you sit there. That's the party trick."

Beyond the simple tasks, there's "telepathic stuff" like highlighting a confusing paragraph in a technical PDF or a code snippet on GitHub, with the assistant button paving the way for instant explanations and simplifications. But does any of this come at a cost? "The productivity gains are real," he advocates. "But the question is whether your security architecture can handle an autonomous agent with that much access."

The risks of AI browsers for businesses

Prompt injection attacks are far and away the most prominent threat for AI browsers. This manifests when a malicious site hides invisible instructions that the AI reads while summarizing a page. They could trick your browser into exfiltrating private data, for example, or stealing session cookies. "Because AI browsers have more "autonomy" than traditional ones, an attacker doesn't necessarily need to hack your computer, they just need to trick the AI into following a bad command," says Fabrizi.

There's also OAuth abuse, adds Lee. "When users grant AI browsers access to Gmail, Calendar, or Drive, attackers exploiting prompt injection can extract emails, create forwarding rules, harvest tokens, and all without stealing a password. The agent already has the keys."

Beyond cybersecurity, users also risk data leakage – or losing control of sensitive information when data is beamed out to external servers. That sensitive data or proprietary IP might be used to train future models. Workers may also become complacent, adds Fabrizi, relying on AI to handle routine tasks that they neglect to double check. Hallucinations may slip through the cracks and factual errors may wind up being factored into serious business decisions much later down the line.

Web browsers already contain sensitive data like history, cookies, session data, cross-application workflows, adds Lee. "Layer an AI agent on top of that with permission to act on your behalf, and you've created something with enormous access operating at a speed and scale no human could match.

"The risk isn't that employees will do something stupid. It's that the AI will do something fast."

How can businesses safely implement AI browsers?

There's no doubt that AI browsers are in the ascendancy – whether or not they're currently safe or dangerous, employees will be inevitably drawn to the benefits. Implementing blanket bans, therefore, will likely be counterintuitive. Both Fabrizi and Lee agree that CISOs and IT leaders should not default to bans or blocking, as this will lead to yet more "shadow AI".

"Instead, the approach should be a managed rollout that prioritizes data loss prevention and strict "human-in-the-loop" requirements," says Fabrizi. "There is absolutely a valid use case for AI browsers in research, content creation and data analysis but it has to be done through enterprise-grade versions where the company retains ownership of the data."

Whether or not the risk outweighs the benefit is not a question of the existence of the tool itself, but rather how it's implemented within an organization and how it's ultimately used. IT leaders should focus on how to implement proper guardrails while preserving employees' desire to extract more productivity gains from the new technology.

One example includes disabling the AI's ability to act autonomously (like sending emails or moving files with manual input), Fabrizi advises. Lee adds that organizations should classify data to gain an understanding of what's actually sensitive.

Identifying enterprise-grade AI browsers with contractual data protection measures will be a great starting point when assessing which service to adopt. Lee also advises implementing controls around OAuth scopes and session management, while running pilots with users who don't have access to the most sensitive corporate or organization data.

"Valid use cases absolutely exist and the productivity gains are real," Lee says. "But you need visibility first. Bring shadow AI into the sunlight, then secure it."