Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Redazione RHC : 10 December 2025 08:11
Gartner analysts have urged businesses to temporarily stop using browsers with built-in artificial intelligence (AI) capabilities .
In a recent advisory, the company emphasizes that such tools pose unnecessary risks to corporate security and that their default settings are more focused on convenience than data protection.
Gartner explains that AI-powered browsers include solutions like Perplexity’s Comet and OpenAI’s ChatGPT Atlas, which feature a sidebar with automated web page analysis capabilities, as well as mechanisms that allow the program to independently navigate websites and perform actions in authorized sessions.
According to the report’s authors, this approach results in the content of active tabs, browsing history , and other elements of the work environment being sent to the developer’s cloud infrastructure , increasing the risk of data leakage.
To mitigate these risks, the company recommends carefully reviewing the architecture of the AI services used and evaluating their security measures . However, even then, it’s important to ensure employees don’t have sensitive data open while the sidebar is running.
Gartner also notes the vulnerability of these browsers to stealth intervention through command substitution, which could lead to incorrect actions by agents, redirection to phishing sites and subsequent compromise of credentials.
Another threat is the potential for routine process automation: employees could attempt to instruct the browser to perform mandatory training modules or other tasks that require in-person interaction. Errors in interacting with internal procurement systems are also possible, which could lead to incorrect requests or the ordering of unsuitable goods and services.
The authors of the document propose partial measures, including limiting e-mail functions and banning data archiving .
However, they conclude that until a full risk assessment is conducted, it is best to completely block such tools. Even after the assessment, it will likely be necessary to compile a more extensive list of unacceptable scenarios and regularly monitor compliance with these restrictions.
Redazione