If you’ve been hearing buzz about AI-powered browsers like OpenAI’s ChatGPT Atlas, Perplexity’s Comet, or Brave’s Leo AI assistant, you might be tempted to jump on board. While it might be enticing to let a browser summarize web pages instantly, automate tedious tasks, and remember what you’ve been researching. It sounds like the future, doesn’t it?
Here’s the reality though, these AI browsers introduce serious security vulnerabilities and privacy concerns that far outweigh their conveniences. Until developers solve these fundamental issues, you’re better off sticking with traditional browsers.
The biggest problem with AI browsers is what attackers can trick them into doing. These browsers suffer from injection attacks, where malicious websites embed hidden commands that the AI interprets as legitimate instructions.
Imagine you’re browsing Reddit and ask your AI browser to summarize a post. An attacker has embedded invisible instructions — white text on white background, or hidden in images — that your AI reads and follows, thinking they came from you. Within seconds, it could forward your emails to the attacker, scrape sensitive data from open tabs, or make purchases on your behalf.
Security researchers at Mozilla demonstrated this exact vulnerability in Perplexity’s Comet. They created a Reddit post with hidden malicious prompts that instructed Comet to extract the user’s email address, log into their account, retrieve one-time passwords, and send everything to the attacker. The AI followed these instructions without question.
The fundamental problem, as cybersecurity experts explain, is that AI browsers fail to distinguish between instructions written by a trusted user from text written on untrusted webpages. Unlike humans who can spot suspicious requests, AI agents lack common sense and will execute commands they encounter on websites as if you typed them yourself (https://theage.com.au/2025/10/30/).
Beyond security vulnerabilities, AI browsers are surveillance engines. To function, they need unprecedented access to your digital life and collect far more information than traditional browsers. Google’s Gemini integration with Chrome collects 24 different data types directly linked to you, including name, location, device ID, browsing history, and purchase history. Perplexity’s Comet collects 10 types of data linked to you, while Microsoft Edge with Copilot collects six.
A University of California, Davis study revealed that some AI browser assistants collect the full HTML of every page you visit, including medical histories, patient diagnoses, and even social security numbers entered on IRS websites. One browser extension, Merlin, was caught sharing users’ raw queries with Google Analytics servers, enabling cross-site tracking.
The Perplexity CEO admitted the real purpose of Comet is data collection, stating on a podcast, We want to get data even outside the app to better understand you… What are the things you’re buying? Which hotels are you going to? What are you spending time browsing? [These things] tell us so much more about you. Telling users that Comet exists to profile them.
While that admission is wonderful. Perhaps more alarming is OpenAI explicitly warning users on their help site, Do not use Atlas with regulated, confidential, or production data. The company that built this browser is telling you it’s not safe for sensitive information.
Security researchers from Brave, Kaspersky, and many academic institutions agree: AI browsers aren’t ready for real-world use with sensitive data. You can already do everything AI browsers promise — summarize articles, organize tabs, draft emails — with standalone chatbots like ChatGPT, Claude, or Perplexity’s website. The only difference is manually pasting links, which acts as a crucial security checkpoint. That manual step prevents your AI assistant from having unrestricted access to everything in your browser simultaneously.
All web browsers have privacy issues. However, until AI browser developers solve these fundamental security and privacy problems — and there’s no indication they’re close — you should avoid them entirely. Use Firefox, Safari, Edge, or Chrome. When you need AI assistance, use standalone chatbots where you consciously decide what information to share.
Here’s the thing, folks: The promise of AI browsers is seductive, but right now they’re security vulnerabilities masquerading as innovation. These companies rushed to market without solving critical safety issues. Your emails, medical records, financial information, and browsing history are too valuable to hand over to systems that can’t distinguish between your instructions and an attacker’s malicious commands.
With that…Don’t let clever marketing convince you to sacrifice your security and privacy for features you don’t actually need.
If you do not work directly with them, that shouldn’t stop you from advising others to protect their privacy.