Gartner's latest advisory, 'Cybersecurity Must Block AI Browsers for Now', highlights a critical concern regarding the use of AI browsers. According to the analysts, including research VP Dennis Xu, senior director analyst Evgeny Mirolyubov, and VP analyst John Watts, AI browsers pose significant security risks that organizations should not ignore.
The analysts define AI browsers as tools like Perplexity's Comet and OpenAI's ChatGPT Atlas, which offer an 'AI sidebar' and 'agentic transaction capability'. The 'AI sidebar' allows users to summarize, search, translate, and interact with web content using AI services. Meanwhile, the 'agentic transaction capability' enables the browser to autonomously navigate, interact with, and complete tasks on websites, especially within authenticated web sessions.
The advisory warns that AI sidebars transmit sensitive user data, such as active web content, browsing history, and open tabs, to cloud-based AI back ends. This increases the risk of data exposure unless security and privacy settings are carefully managed and centralized.
To mitigate these risks, Gartner suggests assessing the back-end AI services powering an AI browser to determine if their security measures are acceptable for your organization. If approved, organizations should educate users about the potential data transmission to the AI service back end, ensuring they avoid sharing highly sensitive data while using the AI browser's sidebar.
However, if the back-end AI is deemed too risky, Gartner recommends blocking users from downloading or installing AI browsers. The analysts express fears about the agentic capabilities of AI browsers, including susceptibility to prompt-injection-induced rogue agent actions, inaccurate reasoning-driven erroneous agent actions, and the potential for further loss and abuse of credentials.
Additionally, they warn that employees might use AI browsers to automate mandatory, repetitive tasks, such as cybersecurity training. The analysts also consider a scenario where AI browsers are exposed to internal procurement tools, leading to potential mistakes and unnecessary purchases. To address these concerns, they suggest limiting agents' access to email and implementing settings that prevent data retention by AI browsers.
In summary, Gartner's advisory emphasizes the need for thorough risk assessments before adopting AI browsers, as the potential risks and security challenges are significant.
