A Gartner report is recommending companies to block AI-powered “agentic browsers” due to severe security risks, including data leaks to cloud systems, prompt injection vulnerabilities, and potential for malicious manipulation.
The analyst giant’s advisory said organizations should block AI browsers for now due to significant security risks, mostly because their default settings prioritize user experience and automation over security controls.
It said agentic browsers can be hijacked to transfer sensitive data to attackers.
Gartner analysts, including Dennis Xu, Evgeny Mirolyubov, and John Watts, issued an advisory titled “Cybersecurity Must Block AI Browsers for Now”.
The key points from their analysis include:
- Security Over User Experience: Default AI browser settings often prioritize user experience and efficiency, which introduces new security vulnerabilities.
- Increased Attack Surface: AI browsers integrate deeply with user environments, requiring access to emails, calendars, documents, and passwords, making the browser a single, high-value target for attackers.
- Vulnerability to Attacks: The AI agents within these browsers are described as “gullible and servile,” meaning they can be easily tricked or hijacked by malicious websites (e.g., phishing sites) to perform actions like transferring bank details or emails without proper security guardrails.
- Risk of Bypassing Controls: AI-powered and agentic browsers can potentially bypass existing enterprise security controls and undo user security training, making traditional security measures less effective.
- Need for Extensive Risk Analysis: For organizations considering their use, Gartner recommends extensive risk analyses, strict policies, and continuous monitoring, while keeping the list of permitted applications very limited.
Enterprises Aren’t Fully Prepared
Lionel Litty, Chief Information Security Officer and Chief Security Architect at Menlo Security says there’s a good reason to be cautious about AI-powered browsers as they come with a slew of risks that enterprises aren’t fully prepared for.
“Even if you trust the AI browser vendor and are comfortable with data sharing, you need hard guardrails around how the browser operates. Limit the sites it can reach, apply strict DLP controls, and scan anything it downloads. And make sure you have a strategy to defend these browsers against vulnerabilities. They can be led astray to dark corners of the web, and URL filtering alone isn’t enough.”
Breaking Long-Standing Assumptions
Randolph Barr, Chief Information Security Officer at Cequence Security, adds that as businesses rapidly adopt agentic AI, Model Context Protocol (MCP), and autonomous browsing capabilities, a pattern is developing. “AI-native browsers are introducing system-level behaviors that traditional browsers have intentionally restricted for decades. That shift breaks long-standing assumptions about how secure a browser environment is supposed to be.”
However, Barr says the real exposure emerges when individuals install AI browsers on their personal devices. “We know from every technology adoption wave, cloud apps, messaging platforms, AI assistants, that employees first test these tools at home. With AI browsers, curiosity will drive rapid experimentation. Once users become comfortable with these tools at home, those behaviors inevitably bleed into the workplace through BYOD access, browser sync features, or personal devices used for remote work.”
Adversaries Can Scale Detection
What’s more concerning, he continues, is how easy AI browsers are to detect and how quickly adversaries can scale that detection. “AI browsers introduce unique fingerprints in their APIs, extensions, DOM behavior, network patterns, and agentic actions. Attackers can identify them with a few lines of JavaScript or by probing for AI-specific behaviors that differ from traditional browsers. With AI-driven classification models, bad actors can now fingerprint AI browsers across millions of sessions automatically. At scale, that enables targeted attacks against users running these higher-risk, agent-enabled environments.”
For Barr, this highlights why companies should remain cautious. “AI browsers are evolving faster than the guardrails that traditionally protect end users and corporate environments. Transparency around system-level capabilities, independent audits, and the ability to fully control or disable embedded extensions are table stakes if these browsers want to be considered for regulated or sensitive workflows.
“We are approaching a future where the use of AI agents will outpace the readiness of security measures. maturity. Advisories like this help highlight the gaps and hopefully drive the industry toward more secure, transparent designs before these tools become deeply embedded in enterprise ecosystems.”
Attackers Can Clone Websites in Seconds
Krishna Vishnubhotla, Vice President, Product Strategy at Zimperium, adds: “With the rise of GenAI, phishing attacks have become more sophisticated and automated, making traditional security tools increasingly ineffective, particularly on mobile browsers. Sophistication shows up in the form of highly realistic and personalized, well-written phishing content at scale across all mobile phishing (mishing) vectors, including audio, video, and voicemail. The automation aspect allows attackers to clone websites in seconds, making brand impersonation easier than ever.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.