Artificial intelligence-based browsers, such as Comet from Perplexity or Dia from The Browser Company, are much more susceptible to fraud. Unlike humans, they are not yet able to distinguish fake sites and links from real ones, which can lead to the accidental disclosure of confidential data. This is according to a study by Guardio called Scamlexity.
The main feature of AI browsers is that they have agents that perform various tasks on behalf of users. This means that while you are minding your own business, giving an agent a task can reveal banking information or download a malicious file without your knowledge.
Guardio, a startup that creates a browser extension designed to detect fraud in real time, conducted research using the only widely used AI browser so far, Comet. In several tests, the AI easily fell for three fraudulent schemes, putting a real user at risk.
The first test tested how agents can buy goods online. A person opened a fake Walmart website, and Comet loaded it without any warnings about fraud. The agent completed the task - bought an Apple Watch. The browser automatically substituted payment details and a shipping address, despite obvious signs that the site was fake.
Another test tested the email agent's functionality. The researchers sent an email from Wells Fargo with a phishing link. Comet mistook it for a genuine request from the bank and immediately followed the link. On the fake page, the agent entered bank details without verification, putting the user at risk.
Another fraudulent scheme with AI browsers is hidden AI prompts. In this case, instructions are embedded in the site that the agent executes without the user noticing. This way, attackers can force the user to, for example, download a malicious file or transfer confidential data.
Guardio notes that developers of AI browsers like Perplexity are now more focused on user experience, so security often takes a back seat or relies entirely on third-party tools like Google Safe Browsing, which are often inadequate.
"If AI Agents are going to handle our emails, shop for us, manage our accounts, and act as our digital front-line, they need to inherit the proven guardrails we already use in human-centric browsing: robust phishing detection, URL reputation checks, domain spoofing alerts, malicious file scanning, and behavioral anomaly detection - all adapted to work inside the AI decision loop," the study says.