Traditional controls inadequate: AI browsers can autonomously navigate websites, fill out forms, and complete transactions while authenticated to web resources. As he and his colleagues wrote in their report, this makes the AI browsers susceptible to new cybersecurity risks, “such as indirect prompt-injection-induced rogue agent actions, inaccurate reasoning-driven erroneous agent actions, and further loss and abuse of credentials if the AI browser is deceived into autonomously navigating to a phishing website.””Traditional controls are inadequate for the new risks introduced by AI browsers, and solutions are only beginning to emerge,” Mirolyubov said. “A major gap exists in inspecting multi-modal communications with browsers, including voice commands to AI browsers.”Prompt injection remains a particular concern, OpenAI CISO Dane Stuckey acknowledged in a post to X, formerly Twitter, the day after ChatGPT Atlas’s launch: “Prompt injection remains a frontier, unsolved security problem, and our adversaries will spend significant time and resources to find ways to make ChatGPT agents fall for these attacks.”
Discovered vulnerabilities highlight immaturity: Beyond theoretical risks, concrete security flaws have emerged in both major AI browsers. Days after ChatGPT Atlas launched, researchers discovered it stores OAuth tokens unencrypted with overly permissive file settings on macOS, potentially allowing unauthorized access to user accounts. The vulnerability was documented by security research group Teamwin on October 27.OpenAI had not released a patch as of October 31, when Gartner completed its research.Separately, cybersecurity firm LayerX Security reported in August the discovery of a vulnerability in Comet called “CometJacking” that could potentially exfiltrate user data to attacker-controlled servers.OpenAI and Perplexity did not immediately respond to requests for comment.
Years, not months, to mature: The discovered vulnerabilities highlight broader concerns about the maturity of AI browser technology. “Security and privacy must become core design principles rather than afterthoughts,” Mirolyubov said. AI browser vendors must incorporate enterprise-grade cybersecurity controls from the outset and provide greater transparency regarding data flows and agentic decisions, he said.Emerging AI usage control solutions will likely take “a matter of years rather than months” to mature, he said. “Eliminating all risks is unlikely, erroneous actions by AI agents will remain a concern. Organizations with low risk tolerance may need to block AI browsers for the longer term.”Organizations with higher risk tolerance that want to experiment should limit pilots to small groups tackling low-risk use cases that are easy to verify and roll back, the Gartner report said. Users must “always closely monitor how the AI browser autonomously navigates when interacting with web resources.”For now, Gartner said, organizations should block AI browser installations using existing network and endpoint security controls and review their AI policies to ensure that broad use of AI browsers is prohibited.”Today, most cybersecurity teams choose to block AI browsers, delaying adoption until risks are better understood and controls are more mature,” Mirolyubov said.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4102571/keep-ai-browsers-out-of-your-enterprise-warns-gartner-2.html
