{"id":15286,"date":"2025-12-08T18:06:39","date_gmt":"2025-12-08T18:06:39","guid":{"rendered":"https:\/\/newestek.com\/?p=15286"},"modified":"2025-12-08T18:06:39","modified_gmt":"2025-12-08T18:06:39","slug":"keep-ai-browsers-out-of-your-enterprise-warns-gartner","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15286","title":{"rendered":"Keep AI browsers out of your enterprise, warns Gartner"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>AI browsers including Perplexity Comet and OpenAI\u2019s ChatGPT Atlas present security risks that cannot be adequately mitigated, and enterprises should prevent employees using them, according to Gartner.<\/p>\n<p>\u201cGartner strongly recommends that organizations block all AI browsers for the foreseeable future because of the cybersecurity risks,\u201d analysts Dennis Xu, Evgeny Mirolyubov, and John Watts wrote in a research note last week. They made their recommendation based on risks they had already identified, \u201cand other potential risks that are yet to be discovered, given this is a very nascent technology.\u201d<\/p>\n<p>The warning is timely, as AI browsers are already gaining a foothold in the enterprise: 27.7% of organizations already have at least one user with Atlas installed, with some enterprises seeing up to 10% of employees actively using the browser, <a href=\"https:\/\/www.cyberhaven.com\/blog\/browser-agent-security-risk-chatgpt-atlas\">\u00a0cybersecurity firm Cyberhaven<\/a> said in October. It found adoption rates highest in the technology industry (67%), pharmaceuticals (50%), and finance (40%), all sectors with heightened security requirements.<\/p>\n<p>ChatGPT Atlas, launched on October 21, saw 62 times more corporate downloads than Perplexity Comet, which was released July 9, according to Cyberhaven. The launch of Atlas also sparked renewed interest in AI browsers overall, with Comet downloads surging sixfold during the same week.<\/p>\n<p>But <a href=\"https:\/\/www.computerworld.com\/article\/4078115\/enterprises-should-not-install-openais-new-atlas-browser-analysts-warn.html\">concerns were raised<\/a> immediately after the launch of ChatGPT Atlas about the threat posed by AI browsers, with analysts pointing to prompt injection vulnerabilities and data security concerns.<\/p>\n<h2 class=\"wp-block-heading\" id=\"sensitive-data-at-risk\">Sensitive data at risk<\/h2>\n<p>The reason AI browsers are of concern is that when they send active web content, browsing history, and open tab contents to the cloud for analysis, enterprises lose control of their data.<\/p>\n<p><a href=\"https:\/\/www.perplexity.ai\/hub\/faq\/data-privacy-and-security-faqs\">Perplexity\u2019s documentation<\/a>, for example, warns that \u201cComet may process some local data using Perplexity\u2019s servers to fulfill your queries. This means Comet reads context on the requested page (such as text and email) in order to accomplish the task requested.\u201d<\/p>\n<p>Mirolyubov, senior director analyst at Gartner, said, \u201cThe real issue is that the loss of sensitive data to AI services can be irreversible and untraceable. Organizations may never recover lost data.\u201d<\/p>\n<p>It\u2019s not just where the browsers send your data for processing that is a concern; it\u2019s what they do as a result : \u201cErroneous agentic transactions raise accountability concerns in case of expensive errors,\u201d he said.<\/p>\n<h2 class=\"wp-block-heading\" id=\"traditional-controls-inadequate\">Traditional controls inadequate<\/h2>\n<p>AI browsers can autonomously navigate websites, fill out forms, and complete transactions while authenticated to web resources. As he and his colleagues wrote in their report, this makes the AI browsers susceptible to new cybersecurity risks, \u201csuch as indirect prompt-injection-induced rogue agent actions, inaccurate reasoning-driven erroneous agent actions, and further loss and abuse of credentials if the AI browser is deceived into autonomously navigating to a phishing website.\u201d<\/p>\n<p>\u201cTraditional controls are inadequate for the new risks introduced by AI browsers, and solutions are only beginning to emerge,\u201d Mirolyubov said. \u201cA major gap exists in inspecting multi-modal communications with browsers, including voice commands to AI browsers.\u201d<\/p>\n<p>Prompt injection remains a particular concern, OpenAI CISO Dane Stuckey acknowledged in <a href=\"https:\/\/x.com\/cryps1s\/status\/1981037851279278414\">a post to X<\/a>, formerly Twitter, the day after ChatGPT Atlas\u2019s launch: \u201cPrompt injection remains a frontier, unsolved security problem, and our adversaries will spend significant time and resources to find ways to make ChatGPT agents fall for these attacks.\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"discovered-vulnerabilities-highlight-immaturity\">Discovered vulnerabilities highlight immaturity<\/h2>\n<p>Beyond theoretical risks, concrete security flaws have emerged in both major AI browsers. Days after ChatGPT Atlas launched, researchers discovered it stores OAuth tokens unencrypted with overly permissive file settings on macOS, potentially allowing unauthorized access to user accounts. The vulnerability was <a href=\"https:\/\/teamwin.in\/chatgpt-atlas-stores-oauth-tokens-unencrypted-leads-to-unauthorized-access-to-user-accounts\/\">documented by security research group Teamwin<\/a> on October 27.<\/p>\n<p>OpenAI had not released a patch as of October 31, when Gartner completed its research.<\/p>\n<p>Separately, cybersecurity firm LayerX Security <a href=\"https:\/\/layerxsecurity.com\/blog\/cometjacking-how-one-click-can-turn-perplexitys-comet-ai-browser-against-you\/\">reported<\/a> in August the discovery of a vulnerability in Comet called \u201cCometJacking\u201d that could potentially exfiltrate user data to attacker-controlled servers.<\/p>\n<p>OpenAI and Perplexity did not immediately respond to requests for comment.<\/p>\n<h2 class=\"wp-block-heading\" id=\"years-not-months-to-mature\">Years, not months, to mature<\/h2>\n<p>The discovered vulnerabilities highlight broader concerns about the maturity of AI browser technology. \u201cSecurity and privacy must become core design principles rather than afterthoughts,\u201d Mirolyubov said. AI browser vendors must incorporate enterprise-grade cybersecurity controls from the outset and provide greater transparency regarding data flows and agentic decisions, he said.<\/p>\n<p>Emerging AI usage control solutions will likely take \u201ca matter of years rather than months\u201d to mature, he said. \u201cEliminating all risks is unlikely \u2014 erroneous actions by AI agents will remain a concern. Organizations with low risk tolerance may need to block AI browsers for the longer term.\u201d<\/p>\n<p>Organizations with higher risk tolerance that want to experiment should limit pilots to small groups tackling low-risk use cases that are easy to verify and roll back, the Gartner report said. Users must \u201calways closely monitor how the AI browser autonomously navigates when interacting with web resources.\u201d<\/p>\n<p>For now, Gartner said, organizations should block AI browser installations using existing network and endpoint security controls and review their AI policies to ensure that broad use of AI browsers is prohibited.<\/p>\n<p>\u201cToday, most cybersecurity teams choose to block AI browsers, delaying adoption until risks are better understood and controls are more mature,\u201d Mirolyubov said.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>AI browsers including Perplexity Comet and OpenAI\u2019s ChatGPT Atlas present security risks that cannot be adequately mitigated, and enterprises should prevent employees using them, according to Gartner. \u201cGartner strongly recommends that organizations block all AI browsers for the foreseeable future because of the cybersecurity risks,\u201d analysts Dennis Xu, Evgeny Mirolyubov, and John Watts wrote in a research note last week. They made their recommendation based&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=15286\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15286","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15286","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15286"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15286\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15286"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15286"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15286"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}