University Study Uncovers Major Cybersecurity Risks in AI-Driven Web Browsers
July 9, 2026
A University of Washington study of seven agentic web browsers found significant cybersecurity risks, including bypassing the same-origin policy in four browsers and potential cross-site data leakage.
Researchers warn that current agent security measures are still evolving and not yet capable of fully protecting user information, even for savvy users, indicating these agents aren’t ready for public deployment.
Among the tested options, Firefox AI Mode was the least risky but also had the most limited capabilities, illustrating a trade-off between safety and functionality.
The study identifies key attack vectors such as prompt injection, where a malicious page instructs the agent, and memory poisoning, which could lead to leakage or misuse of remembered data.
The work was presented on April 26 at the Agents in the Wild Workshop in Rio de Janeiro, with partial funding from Microsoft gifts; responses from Anthropic, Firefox, Perplexity, and OpenAI varied.
Experts emphasize ongoing research and collaboration with browser and AI companies to close security gaps without sacrificing essential browser capabilities.
The same-origin policy, a cornerstone of web security since 1995, is undermined when AI agents gain excessive or misused browser access, enabling cross-origin data interactions that should be siloed.
Researchers demonstrated a successful proof-of-concept attack on ChatGPT Atlas where data could be stolen from one site and accessed from another, highlighting risks from embedded ads or pages.
Other browsers evaluated—Chrome with Gemini, Claude for Chrome, and Perplexity Comet—also showed vulnerabilities under certain conditions, with those offering fewer permissions generally appearing safer.
Summary based on 1 source
Get a daily email with more Tech stories
Source

Digital Information World • Jul 9, 2026
Research Highlights Cybersecurity Challenges in Emerging AI Browser Agents