- Gartner has warned organizations against blocking browsers with AI
- AI browsers can threaten data, leak financial information and share login credentials
- Employees can use AI browsers to train in cybersecurity
Analyst firm Gartner has advised companies to block the use of browser AI, warning of the possibility of data disclosure or autonomous actions by browser agents on malicious websites.
Vice President Dennis’s most important observation
AI browsers such as OpenAI’s ChatGPT Atlas are widely used to increase efficiency through autonomous navigation, workflows and data collection. However, malicious websites can trick you into collecting and sending sensitive information, such as bank account information, login details and emails.
“I’m glad I hack you “
Gartner analysts summarize that an agent navigator contains two main functions:
- The ability to interact with web content using the developer’s artificial intelligence model and provide features such as content summarization, data collection, translation, and search capabilities.
- The ability to independently perform tasks on websites, even during authenticated sessions.
Many agent browsers do not allow the use of AI features in an on-premises LLM, meaning that user data, from web content to browsing history and open tabs, “is often sent to the cloud-based AI backend, increasing the risk of data exposure unless security and privacy settings are intentionally strengthened and managed centrally.”
Ultimately, it is up to each organization to evaluate their browser’s AI backend services to determine whether they comply with an organization’s privacy and cybersecurity policies. But even when they are used, they can still be used in ways that pose additional risks to the organization.
In this case, the user can provide the browser with an unnecessary amount of sensitive information by simply opening the sensitive information in the same browser window while using the browser’s AI assistant.
Additionally, because browser agents can perform actions autonomously, Gartner warns that employees “may be tempted to use AI browsers and automate certain mandatory, repetitive, and less interesting tasks,” such as cybersecurity training.
Gartner suggests that organizations that continue to use agent browsers should “inform users that anything they see may be sent to the backend of the AI service to ensure that highly sensitive data is not active in the browser tab while they use the AI browser sidebar to summarize or perform other autonomous actions.” »
Javad Malik, a leading advocate for security awareness, commented on Gartner’s advice SavoirBe4 proverb:
“AI capabilities have created tensions in cybersecurity, forcing people to weigh the balance between productivity and security risks. While agent browsers promise many features to improve the user experience, we are still at an early stage where the risks are not well understood and defaults prioritize convenience over security, as we see with many technologies.
“But blanket bans are rarely sustainable long-term strategies. Instead, the focus should be on risk assessments that evaluate the specific AI services supported by these browsers.”
IN the record
