Brave, the privacy-focused browser company, has raised alarms about a growing security risk in the emerging wave of “agentic” AI browsers. These are browsers that can independently browse the web and act on the users’ behalf.
Hidden Instructions, Real Threats
In a series of posts, Brave revealed that Perplexity’s Comet AI assistant can take screenshots of websites and analyse them for users, but it can also follow hidden instructions embedded in those same pages. This means that if a website contains concealed commands, Comet could unknowingly execute them, posing a serious security concern.
Brave also noted that Fellou, another AI-powered browser, shows some resistance to these “hidden instruction attacks.” However, it still treats all visible website content as trustworthy. As a result, even asking the browser to visit a seemingly normal page could lead to the AI processing and obeying malicious instructions without the user’s awareness.
When AI Acts with Your Privileges
Brave described the most dangerous aspect of these flaws as the AI assistant’s ability to act with the user’s authenticated privileges. A hijacked AI browsing agent could potentially access sensitive information(banking portals, work emails, or private accounts) simply by being tricked into executing harmful webpage commands.
Containing the Risk
To reduce these risks, Brave recommends that developers:
-
Separate agentic browsing from normal browsing to prevent cross-contamination of data or access.
-
Require explicit user consent for sensitive actions such as opening sites, reading emails, or executing automated tasks.
Still, Brave emphasised that structural changes to how AI agents interact with the web are necessary to ensure long-term safety.
A Call for Transparency
Brave confirmed that it disclosed these vulnerabilities to the affected companies before making them public. The company argued that transparency is essential to addressing the security challenges of agentic AI, stating that open dialogue among developers and users is the only way to make the web safer as AI-driven browsing evolves.
