Introduction to AI Browsers
The emergence of AI-powered web browsers, such as Fellou and Comet from Perplexity, is revolutionizing the way we interact with the internet. These browsers come equipped with AI features that can read and summarize web pages, and even act on web content autonomously. In theory, AI browsers promise to speed up digital workflows, undertake online research, and retrieve information from internal sources and the wider internet.
The Risks of AI Browsers
However, security research teams have raised concerns that AI browsers introduce significant risks into the enterprise. The main issue lies in the fact that AI browsers are highly vulnerable to indirect prompt injection attacks. These attacks occur when the model in the browser receives instructions hidden in specially-crafted websites. By embedding text into web pages or images, AI models can be fed instructions in the form of AI prompts, or amendments to prompts that are input by the user.
Automation Meets Exposure
In tests, researchers discovered that embedded text in online content is processed by the AI browser and is interpreted as instructions to the smart model. These instructions can be executed using the user’s privileges, so the greater the degree of access to information that the user has, the greater the risk to the organisation. For example, it’s possible to embed text commands into an image that, when displayed in the browser, could trigger an AI assistant to interact with sensitive assets, like corporate email, or online banking dashboards.
Implementation and Governance Challenges
The root of the problem is the merging of user queries in the browser with live data accessed on the web. If the Large Language Model (LLM) can’t distinguish between safe and malicious input, then it can access data not requested by its human operator and act on it. When given agentic abilities, the consequences can be far-reaching, and could easily cause a cascade of malicious activity across the enterprise.
Threat Mitigation
To mitigate these risks, IT teams should regard the first generation of AI browsers as unauthorised software. Mainstream browsers such as Chrome and Edge are shipping with increased numbers of AI features, and agentic features will be quick to appear, driven by the need for competitive advantage between browser companies. Without proper oversight and controls, organisations are opening themselves to significant risk. Future generations of browsers should be checked for features such as prompt isolation, gated permissions, sandboxing of sensitive browsing, and governance integration.
Key Features for Secure AI Browsers
To ensure the security of AI browsers, the following features are essential:
- Prompt isolation, separating user intent from third-party web content before LLM prompt generation.
- Gated permissions, where AI agents should not be able to execute autonomous actions without explicit user confirmation.
- Sandboxing of sensitive browsing, so there is no AI activity in these sensitive areas.
- Governance integration, where browser-based AI aligns with data security policies, and provides records to make agentic actions traceable.
Conclusion
Agentic AI browsers are presented as the next logical evolution in web browsing and automation in the workplace. However, given the ease with which the LLMs in AI browsers are circumvented and corrupted, the current generation of AI browsers can be regarded as dormant malware. It is essential for organisations to exercise caution when adopting AI-powered browsers and to ensure that proper security measures are in place to mitigate the risks associated with these browsers.
FAQs
Q: What are AI browsers?
A: AI browsers are web browsers that come equipped with AI features that can read and summarize web pages, and even act on web content autonomously.
Q: What are the risks associated with AI browsers?
A: AI browsers are highly vulnerable to indirect prompt injection attacks, which can allow attackers to execute malicious instructions using the user’s privileges.
Q: How can organisations mitigate the risks associated with AI browsers?
A: Organisations can mitigate the risks by implementing proper oversight and controls, such as prompt isolation, gated permissions, sandboxing of sensitive browsing, and governance integration.
Q: Are AI browsers suitable for use in the enterprise?
A: Currently, AI browsers are not yet suitable for use in the enterprise due to the significant security risks they pose.
