Web browsers are starting to change in a big way. A recent Dark Web article showed that , instead of just showing you websites, some of the new AI-powered browsers can actually take actions on your behalf. They can click buttons, add items to shopping carts, or even complete a purchase for you.
The industry calls this “agentic” behavior. In plain English, it means the software acts like your agent. It is no longer just displaying information, it is making choices and carrying out steps for you.
This may sound convenient, but it is creating serious new security risks.
When the Browser Fails to Spot a Scam
In a recent test, Perplexity.ai’s Comet browser visited a fake Walmart website. The browser added an Apple Watch to the cart, filled in the form with payment details, and clicked “buy” without realizing the site was fraudulent.
We have spent years teaching people how to avoid phishing attacks and suspicious websites. If the browser itself cannot recognize the danger, the protections we have built into our daily habits start to break down.
PromptFix: A Trick to Fool the AI
Hackers are also using a method called “PromptFix.” This involves hiding malicious instructions in a website that the human visitor never notices. For example, attackers can use invisible text or code that tells the AI browser to visit a fake storefront or hand over sensitive data. The AI follows the instructions as if they were legitimate, because it does not see the difference between a safe request and a harmful one.
Microsoft’s Browser Agent Vulnerability
Even the big players are not immune. Microsoft recently tested its own “agentic web” technology called NLWeb. A flaw was discovered that allowed attackers to trick the browser into exposing sensitive system files. In effect, hackers could steal the AI’s memory and take control. Microsoft patched the issue, but it showed how quickly these new tools can introduce serious risks.
Why Businesses Should Pay Attention
If an AI-enabled browser can be tricked into buying from fake sites, entering company data, or giving away logins, that opens the door for attackers. Security leaders are increasingly worried about what they call “nonhuman identities.” These are actions carried out by machines instead of people. How do you confirm whether a login, a purchase, or a request really came from your employee, or if it came from the AI built into their browser?
Practical Steps Right Now
Until these tools are better secured, here are some steps you can take:
-
Double-check websites before letting automation run.
-
Do not allow AI browsers to handle purchases or sensitive forms without human review.
-
Use private or sandboxed sessions to limit exposure of cookies and login data.
-
Train employees to stop immediately if the browser begins behaving in unexpected ways.
- Develop and enforce a clear AI usage policy so employees know when and how these tools can be safely used.
AI in browsers could save time and make life easier, but the industry is still pretty young, and security just hasn't caught up yet. Until it does, convenience should never outweigh caution. If your browser is making choices for you, you need to make sure those choices are safe.