Analyst firm Gartner has issued a blunt warning to organizations: Agentic AI browsers introduce serious new security risks and should be blocked "for the foreseeable future."
The firm's advisory, entitled "Cybersecurity Must Block AI Browsers for Now", argues that AI browsers are currently favoring convenience over security and that organizations are not ready for the risks that they pose.
"Gartner strongly recommends that organizations block all AI browsers for the foreseeable future because of the cybersecurity risks," wrote analysts Dennis Xu, Evgeny Mirolyubov, and John Watts.
So, what are AI browsers? And just what are the concerns?
Agentic AI browsers such as Perplexity's Comet and OpenAI's ChatGPT Atlas go beyond basic web browsing. They have built-in AI assistants, which are capable of summarizing page content, helping users understand what they are viewing, and performing multi-step tasks on the user's behalf.
An agentic browser can perform actions semi-autonomously. This means that it might be capable of logging into websites, purchasing goods, acting upon emails, and performing other functions that a human operator would usually do.
Gartner warns that such systems can inadvertently send sensitive user data to cloud-based AI servers unless security settings are carefully controlled.
Security researchers have already demonstrated that AI browsers can be manipulated through techniques such as indirect prompt injection, where malicious instructions hidden inside webpage content can cause an AI system to behave in unintended ways.
For instance, in August 2025, Brave's security team published research showing how Comet could execute attacker-crafted instructions embedded in ordinary webpage text if the user asked the AI to summarize or analyze the page.
In a proof-of-concept attack, researchers showed how a malicious Reddit comment could trick the AI into revealing a user's email address and one-time password - a threat which could have allowed an account to be hijacked.
Perplexity acknowledged the vulnerability and rolled out a fix, though Brave's subsequent testing found the mitigation it had implemented was incomplete.
Security firm LayerX later described a related risk it dubbed "CometJacking," which involved a booby-trapped URL that caused the Comet browser's AI layer to "steal any sensitive data that has been exposed in the Comet browser."
Meanwhile, ChatGPT Atlas from OpenAI was found in tests to only block 5.8% of phishing attacks, compared to Chrome's 47% and Edge's 53% — meaning Atlas users were significantly more exposed to malicious websites.
In addition, Gartner highlights an ironic way in which AI browsers could fail to improve security. As the report explains, employees could potentially use AI browsers to automate the security training exercises they are given to improve their behavior, thereby undermining compliance efforts.
Furthermore, there are genuine concerns that autonomous browser agents, integrated into internal services such as HR portals, travel booking systems, and procurement tools, could make mistakes without careful human oversight.
In short, an AI misinterpreting a form could order incorrect equipment or book the wrong travel itinerary, and traditional oversight tools may not catch these errors quickly enough.
In light of these challenges, Gartner's recommendation is clear. Organizations should block AI browsers for now, pending a thorough risk assessment. Even after the evaluation has been completed, the advice for enterprises is that they should ensure strict usage policies, careful configuration, and continuous monitoring are in place to keep the rapidly evolving technology under control.
AI browsers may hold the attractive promise of a personal assistant that can fill out forms, book travel, and streamline tedious web actions, but with AI systems continuing to be vulnerable to manipulation - or simply prone to making unpredictable mistakes - the consequences can be serious.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Fortra.