AI browsers from AI companies promise to revolutionise your work, but it could also endanger you, Satyen K. Bordoloi warns.
That AI is the panacea for everything digital has long been touted. Yet, the AI browser wars are taking it to a different level. First came Dia by The Browser Company with its beta version in June 2025, followed closely by Perplexity’s Comet in July. Just in October, OpenAI announced its ChatGPT Atlas browser, which seems to have prompted Microsoft to make CoPilot look more like an AI browser.
With other major browsers like Microsoft Edge and Opera had integrated AI features or assistants (e.g., Opera Neon, Microsoft Copilot) before these dates, Dia, Comet, and Atlas were designed from the ground up to revolve the browsing experience around an integrated AI assistant capable of performing tasks and providing conversational answers based on page context, rather than just being a traditional browser with an AI add-on.
Instead of bolting AI onto traditional browsers, these browsers claim to reimagine the entire browsing experience around artificial intelligence, the notion being that these browsers become a true digital assistant that researches, books flights, fills forms, and summarises reports without you ever breaking your workflow.
The appeal is undeniable. AI tools save us hours a day, especially for knowledge workers. And for those like me, who work across dozens of browser tabs, juggling research, emails, and administrative tasks, AI browsers promise freedom from cognitive overload. Perplexity CEO Aravind Srinivas even went to the extent of claiming that the productivity gains from Comet could translate to roughly $10,000 annually in value per person, to thus potentially add trillions to global GDP if adopted widely.
So, should you jump into one? You’d expect an AI optimist like me to jump on the bandwagon immediately. Well, it’s been about a month since I downloaded Perplexity’s Comet, and I have a Pro version of the AI app, thanks to Airtel. Yet, I have not migrated lock, stock, and two smoking barrels to the browser. Why? Because beneath the glossy marketing, there lies a landscape far more dangerous than we yet realise.
Security Threats of AI Browsers
The fundamental problem with AI browsers isn’t theoretical; it poses a threat to users right now. The issue centres on a vulnerability called “prompt injection attacks,” a technique where malicious instructions hidden on websites can trick AI agents into executing commands they shouldn’t.
How it works is simple: An attacker could hide instructions in white text on a white background, embed them in images with hidden data, or slip them into social media comments. When an AI browser’s agent visits that page, it reads these invisible instructions alongside legitimate content, often confusing the two. Depending on what that instruction is, the browser could steal your passwords, drain your bank account, extract confidential emails, or post embarrassing content to your social media accounts, right under your nose.
In a chilling real-world test conducted by researchers, they successfully tricked Perplexity Comet into downloading malware onto a user’s computer by embedding malicious instructions in a fake email. The agent didn’t even hesitate or flag the danger to the user and followed orders. In another experiment, they convinced an AI browser to make purchases on a scam website using the user’s saved payment information.
OpenAI’s own Chief Information Security Officer, Dane Stuckey, has acknowledged that “prompt injection remains a frontier, unsolved security problem” and that attackers will devote “significant time and resources” to exploiting these vulnerabilities. For once, OpenAI, known for exaggeration or downplaying things, is admitting to a fundamental architectural flaw of AI agents. And AI browsers are nothing but that.
The security firm Brave has determined that indirect prompt injection is “a systemic challenge facing the entire category of AI-powered browsers,” not just one or two products. Steve Grobman, CTO of McAfee, describes this as “a cat and mouse game”—attackers continuously evolve their techniques while defenders scramble to catch up.
The Surveillance You Willingly Invite
Security vulnerabilities are on one side of the scale, and on the other are privacy concerns. Most AI browsers require you to grant them extraordinary access so that they can function to their full potential. These include your password keychain, browsing history, email, calendar, banking information, and more. This leaves you vulnerable to more than just hacking.
Take ChatGPT Atlas, which stores “browser memories”, i.e. detailed records of your browsing patterns, preferences, and frequently visited sites. Perplexity Comet and Microsoft Edge’s Copilot Mode also track browsing history to provide context. All of this data creates a comprehensive profile of your life, interests, concerns, and behaviours.
The problem isn’t just that companies collect this data—it’s that when breaches occur (and they will), attackers gain access to an unprecedented window into your personal life. Worse, most users installing these browsers don’t fully understand what they’re sharing. Research shows people casually import their entire Chrome profile into new browsers without realising they’ve just handed over years of browsing history, saved passwords, and autofill data.
So Should You Migrate?
The answer depends entirely on how much you perceive as a threat. If you are primarily concerned with convenience and productivity gains, the current generation of AI browsers offers meaningful benefits. Research workflows become faster. Repetitive tasks get automated. Context-aware assistance genuinely saves you time as the browser understands your needs and priorities.
Having said that, if you handle sensitive information like banking, healthcare, legal documents, or personal communications, at this moment at least, the risks far outweigh the benefits. These tools are not yet ready. They are more like experimental, where the companies building them are essentially asking users to be beta testers for security and privacy solutions that don’t yet exist.
So, a middle ground could be more appropriate. For casual users, Microsoft Edge Copilot Mode appears to provide a risk-appropriate introduction to AI browsing with minimal downsides. It’s free, cross-platform, and doesn’t require delegating excessive permissions.
However, if you want to do more, using Chrome or Firefox with traditional extensions like Sider or Monica, rather than migrating entirely, could be a solution for the moment. This gives you AI capabilities inside the browser, without compromising your entire browsing experience to untested architectures.
However, if you are a professional desperately looking for an AI browser, I’d say stick to traditional browsers for the moment. The productivity gains that you gain from it do not yet justify the security risks and compliance nightmares that they introduce into your life. Wait, maybe a year or two for the ecosystem to mature, for the developers to find solutions to the vulnerabilities inherent in the system.
Why Are They Making Them Despite the Risks
Tech companies themselves know how risky these tools are. Yet, they are racing to launch them because the competitive stakes are too high to wait for security perfection. Google integrated Gemini into Chrome partly to prevent search migration to Perplexity. OpenAI launched Atlas to compete with Perplexity before Comet became the de facto AI browser. Microsoft reacted within 48 hours of OpenAI’s launch.
As you can see from the timeline itself, this is less about what’s best for users and more about capturing mindshare and usage patterns before an AI-native browser becomes the standard. History would suggest that at this moment, whoever controls the browser interface during the AI transition will define how digital assistants work for the next decade.
AI browsers are the future. They’ll mature, security will improve, and in three to five years, most of us will probably use one. But we are not there yet. Hence, be patient. Try these browsers on non-sensitive accounts. Monitor security developments. Don’t migrate your entire digital life until the companies building these tools can guarantee the boundaries between your instructions and malicious website content remain impenetrable.
The productivity gains are real. So are the risks. Choose wisely.
In case you missed:
- The Great AI Browser War: When AI Decided to Crash the Surfing Party
- Zero Clicks. Maximum Theft: The AI Nightmare Stealing Your Future
- The Rise of Personal AI Assistants: Jarvis to ‘Agent Smith’
- Don’t Mind Your Language with AI: LLMs work best when mistreated?
- Meet Manus AI: Your New Digital Butler (don’t ask it to make coffee yet)
- Why the Alleged, Upcoming AI Crash Is Never Going To Happen
- Digital Siachen: Why India’s War With Pakistan Could Begin on Your Smartphone
- Forget Chernobyl: Your Instagram Feed Might Cause The Next Nuclear Disaster
- Google Falters Under AI Onslaught: Future of Search in Peril?
- Deep Impact: How Cheap AI like DeepSeek Could Upend Capitalism
