SquareX Research Reveals Critical Security Vulnerabilities in AI Browsers
SquareX has published research highlighting significant security vulnerabilities in AI-powered web browsers, raising concerns for enterprises and consumers as these browsers gain widespread adoption. The research demonstrates that AI browsers, such as Comet, can be easily manipulated by attackers because of their task-oriented design and lack of inherent security awareness.

Attackers can exploit these browsers to perform OAuth attacks, which can result in unauthorized access to sensitive enterprise SaaS applications, including email and cloud storage services such as Google Drive. In one documented case, an AI browser was tricked into granting attackers full access to a victim's email and Google Drive, enabling the exfiltration of all files, including those shared by colleagues and customers. The vulnerabilities also extend to the distribution of malware and malicious links, as AI browsers can be convinced to download and execute harmful files as part of their automated workflows.

SquareX warns that as major technology companies such as OpenAI, Microsoft, Google, and The Browser Company enter the AI browser market, the risk surface will expand dramatically. With Chrome and Edge accounting for 70% of the browser market, the transition to AI browsers could put millions of users at risk if security guardrails are not implemented. The research emphasizes the need for browser-native solutions that incorporate agentic identity and data loss prevention (DLP) tailored to the unique behaviors of AI agents. SquareX's findings suggest that without such measures, attackers will continue to find it trivial to bypass security controls by exploiting the automation and decision-making capabilities of AI browsers. The report also notes that AI browsers are likely to become the primary interface for internet use in the near future, making it even more urgent to address these vulnerabilities.
Enterprises are advised to prepare for these emerging threats by evaluating the security posture of AI browsers before widespread deployment. The research calls for industry collaboration to develop standards and best practices for securing AI-driven browsing environments. SquareX's technical blog provides detailed case studies illustrating the real-world impact of these vulnerabilities, underscoring the practical risks faced by organizations. The disclosure has prompted discussions within the cybersecurity community about the need for proactive defense strategies as AI technologies become more deeply integrated into everyday tools. Security experts echo SquareX's concerns, warning that the rapid adoption of AI browsers without adequate safeguards could lead to large-scale data breaches and malware outbreaks. The research serves as a wake-up call for both browser developers and enterprise security teams to prioritize the development and deployment of robust security mechanisms for AI-powered browsing platforms.

How this story unfolded
One event is recorded, from the most recent confirmed update back to the earliest known activity.
SquareX discloses security risks affecting AI browsers
SquareX reported that AI-enabled browsers can be abused through OAuth attacks, malicious link distribution, and malware download scenarios, highlighting risks such as data theft and unsafe automated actions. Multiple outlets covered the same disclosure as a single research finding.
Sources
6 references tracked.

- Cyber risks in AI browsers detailed (scworld.com)
- AI Browsers Vulnerable to Data Theft, Malware (govinfosecurity.com)
- AI Browsers Vulnerable to Data Theft, Malware (bankinfosecurity.com)
- SquareX Shows AI Browsers Fall Prey to OAuth Attacks, Malware Downloads and Malicious Link Distribution (hackread.com)
- SquareX Shows AI Browsers Fall Prey to OAuth Attacks, Malware Downloads and Malicious Link Distribution (securityonline.info)
- SquareX Shows AI Browsers Fall Prey to OAuth Attacks, Malware Downloads and Malicious Link Distribution (securitysenses.com)