Privacy and Security Risks in AI-Powered Browser Agents
A recent academic study has revealed significant privacy and security vulnerabilities in eight popular AI-powered browser agents, including ChatGPT Agent, Google Project Mariner, and Amazon Nova Act. The research identified 30 vulnerabilities across areas such as agent architecture, handling of unsafe sites, cross-site tracking, and the disclosure of personal data. Notably, most agents rely on off-device language models, so sensitive user data is transmitted to third-party servers. Some agents were also found to use outdated browsers with known security flaws, increasing the risk of exploitation.
In response to these emerging threats, OpenAI has implemented continuous security hardening for its ChatGPT Atlas browser agent, focusing particularly on defending against prompt injection attacks. Leveraging automated red teaming and reinforcement learning, OpenAI has proactively identified and mitigated new classes of prompt-injection exploits, recently shipping a security update with adversarially trained models and enhanced safeguards. These efforts underscore the ongoing challenge of securing AI-driven browser agents as they become increasingly integrated into user workflows and targeted by adversaries.

How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
OpenAI publishes work on hardening ChatGPT Atlas against prompt injection
OpenAI published a blog post describing ongoing efforts to strengthen ChatGPT Atlas against prompt injection attacks. The reference indicates a public disclosure of defensive work, but provides no further event details in the supplied content.
Researchers recommend privacy-focused improvements for browser agents
Following the study, the researchers urged browser-agent developers to work with privacy experts and adopt automated test suites to improve privacy protections. They also said they plan to release additional tools and datasets to support ongoing privacy testing.
Academic study evaluates eight browser agents for privacy and security risks
A 2025 academic study assessed eight popular browser agents, including ChatGPT Agent, Google Project Mariner, and Amazon Nova Act, and identified 30 vulnerabilities across five privacy and security risk areas. The findings included issues such as off-device language model use, outdated browser versions, weak phishing and TLS warning handling, cross-site tracking weaknesses, automatic acceptance of privacy prompts, and unnecessary disclosure of personal data.


