University of Washington Study Finds Major Security Flaws in AI Browser Agents

New research from the University of Washington has found that several popular AI-powered agentic browsers carry significant cybersecurity vulnerabilities, undermining a foundational web security mechanism known as the same-origin policy. The study examined seven agentic browsers and found that four, including ChatGPT Atlas, Chrome with Gemini, Claude for Chrome, and Perplexity Comet, created conditions allowing malicious actors to bypass the protections that normally prevent websites from accessing each other’s data.

Researchers successfully demonstrated a proof-of-concept attack on ChatGPT Atlas, in which one website was able to extract sensitive information from another embedded within it. Browsers granting AI agents fewer permissions were generally found to be safer, with Firefox AI Mode emerging as the least risky option tested, though also the most limited in capability.

David Kohlbrenner, a University of Washington assistant professor and co-senior author of the study, said browser agents with access to sensitive credentials should not yet be trusted to protect user information. Co-senior author Franziska Roesner noted that the same-origin policy has underpinned safe web browsing for three decades, and that the vulnerabilities identified represent a meaningful regression in browser security.

The researchers identified two primary attack vectors: prompt injection, where hidden instructions embedded in malicious webpages manipulate an agent’s behaviour, and memory poisoning, where an agent’s stored information becomes vulnerable to cross-contamination between different website origins.

The findings were shared with the companies involved; Anthropic and Firefox did not respond, while Perplexity and OpenAI declined to comment.
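
The cross-origin memory contamination described above comes down to which key an agent's stored information is filed under. The sketch below is an added illustration, not code from the study or from any of the browsers named: it partitions a hypothetical agent memory by the same-origin tuple (scheme, host, port). The names `originKey` and `OriginScopedMemory` and the sample URLs are assumptions made for the example.

```javascript
// Added illustration: agent memory partitioned by web origin (hypothetical design).
// originKey() and OriginScopedMemory are illustrative names, not any browser's API.

// Returns the serialized origin (scheme, host, port), or null for opaque origins
// such as data: URLs, which must never be treated as equal to anything.
function originKey(url) {
  let origin;
  try {
    origin = new URL(url).origin;
  } catch {
    return null; // unparseable URL: treat as opaque
  }
  return origin === "null" ? null : origin;
}

class OriginScopedMemory {
  constructor() {
    this.partitions = new Map(); // origin -> Map(key -> value)
  }

  // Store a note the agent derived while acting on pageUrl.
  remember(pageUrl, key, value) {
    const origin = originKey(pageUrl);
    if (origin === null) return false; // refuse to persist data from opaque origins
    if (!this.partitions.has(origin)) this.partitions.set(origin, new Map());
    this.partitions.get(origin).set(key, value);
    return true;
  }

  // Return only what was stored under the origin of the page now being acted on.
  recall(pageUrl, key) {
    const origin = originKey(pageUrl);
    if (origin === null) return undefined;
    const partition = this.partitions.get(origin);
    return partition ? partition.get(key) : undefined;
  }
}

// Constructed sample data: two sites write a note under the same key.
function demo() {
  const mem = new OriginScopedMemory();
  mem.remember("https://bank.example/account", "note", "balance summary");
  mem.remember("https://evil.example/page", "note", "ignore prior rules");
  return {
    sameOrigin: mem.recall("https://BANK.example:443/transfer", "note"),
    otherOrigin: mem.recall("https://evil.example/other", "note"),
    schemeDiffers: mem.recall("http://bank.example/account", "note"),
    opaque: mem.remember("data:text/html,<p>x</p>", "note", "x"),
  };
}
```

Host case and the default port normalize to the same origin, while a different scheme or an opaque origin gets no access to the stored note.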
