
Yet another study bursts the hype bubble for AI browsers, finding serious security flaws

Four popular AI browsers can be exploited to steal your data from other open tabs.


AI browsers are being sold as the next big thing. They can summarize pages, book trips, and even make purchases for you. But a new study from the University of Washington found that four of the seven most popular ones come with a security risk serious enough to let malicious websites steal data from other sites you have open. The more capable the browser, the bigger the risk turns out to be.

The 30-year security rule that AI browsers are breaking

Since 1995, every browser has followed a rule called the same-origin policy, which prevents websites from reading each other’s data. If you have your bank open in one tab and visit a sketchy site in another, that sketchy site cannot touch your banking information. AI browsers need to bypass this rule to function, since completing tasks across multiple tabs requires reading across different sites.
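To make the rule concrete, the following added example (not from the study or from any browser vendor) compares origins the way the same-origin policy does and shows a hypothetical fail-closed gate in front of an agent's tab reads. The names `partitionTabs` and `approvedOrigins` and the sample tabs are assumptions made for illustration.

```javascript
// Added illustration; function names and sample tabs are hypothetical.

// An origin is the (scheme, host, port) triple. URL.origin serialises it and
// drops default ports, so https://a.example:443 equals https://a.example.
function originOf(url) {
  return new URL(url).origin;
}

function sameOrigin(a, b) {
  const oa = originOf(a);
  // Opaque origins (data:, file:) serialise to "null" and never match.
  return oa !== "null" && oa === originOf(b);
}

// Hypothetical gate in front of an agent's "read tab" tool: a tab's content is
// released only if the tab shares the origin of the page the task started on,
// or the user explicitly approved that origin for this task.
function partitionTabs(taskUrl, tabs, approvedOrigins = new Set()) {
  const readable = [];
  const blocked = [];
  for (const tab of tabs) {
    let origin;
    try {
      origin = originOf(tab.url);
    } catch {
      blocked.push(tab.url); // unparseable URL: fail closed
      continue;
    }
    const approved = origin !== "null" && approvedOrigins.has(origin);
    if (approved || sameOrigin(taskUrl, tab.url)) {
      readable.push(tab.url);
    } else {
      blocked.push(tab.url);
    }
  }
  return { readable, blocked };
}

// Constructed sample tabs (not taken from the study).
const sampleTabs = [
  { url: "https://shop.example/cart" },
  { url: "https://shop.example:443/checkout" }, // default port: same origin
  { url: "http://shop.example/cart" },          // different scheme
  { url: "https://bank.example/accounts" },     // different host
  { url: "data:text/html,<p>hi</p>" },          // opaque origin
];

console.log(partitionTabs("https://shop.example/", sampleTabs));
```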

That broader access is exactly what attackers can exploit through two methods. The first is prompt injection, where a malicious webpage hides secret instructions that the AI agent follows without realizing it has been manipulated, potentially exposing your private emails, passwords, or calendar details.

The second method is memory poisoning, where planted instructions get stored in the agent’s memory and activate later, even after the original page is closed. Researchers ran a successful proof-of-concept attack on ChatGPT Atlas, demonstrating the risk is real. Claude for Chrome was flagged as particularly risky because its browser extension design lets it inject code directly into webpages.

Which AI browsers are safe and which ones put your data at risk?

Out of seven browsers, ChatGPT Atlas, Chrome with Gemini, Claude for Chrome, and Perplexity Comet were found vulnerable. Microsoft Edge with Copilot, Brave Leo, and Firefox AI Mode showed stronger security properties, though Firefox was also the most limited in capability.

Researchers disclosed the findings to all companies involved. Anthropic and Firefox did not respond, while Perplexity and OpenAI declined to act, arguing the researchers lacked a complete end-to-end attack demonstration. Google, Microsoft, and Brave engaged constructively with the findings.

This follows the recent BioShocking exploit, which also showed how AI browsers can be manipulated by context. Right now, the research suggests AI browsers may still be moving faster than their security can keep up.

Manisha Priyadarshini
Manisha Priyadarshini is a tech and entertainment writer with over nine years of editorial experience.