Mallory
Tags: ai-platform-security, privacy-surveillance-policy, endpoint-software-vulnerability, widely-deployed-product-advisory

Privacy and Security Risks in AI-Powered Browser Agents

Updated 26m ago · First seen Dec 22, 2025 · 2 sources

A recent academic study has revealed significant privacy and security vulnerabilities in eight popular AI-powered browser agents, including ChatGPT Agent, Google Project Mariner, and Amazon Nova Act. The research identified 30 vulnerabilities across areas such as agent architecture, handling of unsafe sites, cross-site tracking, and the disclosure of personal data. Notably, most agents rely on off-device language models, resulting in sensitive user data being transmitted to third-party servers, and some agents were found to use outdated browsers with known security flaws, increasing the risk of exploitation.

In response to these emerging threats, OpenAI has implemented continuous security hardening for its ChatGPT Atlas browser agent, focusing particularly on defending against prompt injection attacks. Leveraging automated red teaming and reinforcement learning, OpenAI has proactively identified and mitigated new classes of prompt-injection exploits, recently shipping a security update with adversarially trained models and enhanced safeguards. These efforts underscore the ongoing challenge of securing AI-driven browser agents as they become increasingly integrated into user workflows and targeted by adversaries.


Event timeline: how this story unfolded

3 events, from the most recent confirmed update back to the earliest known activity.

Dec 22, 2025

OpenAI publishes work on hardening ChatGPT Atlas against prompt injection

OpenAI published a blog post describing ongoing efforts to strengthen ChatGPT Atlas against prompt injection attacks. The reference indicates a public disclosure of defensive work, but provides no further event details in the supplied content.

Researchers recommend privacy-focused improvements for browser agents

Following the study, the researchers urged browser-agent developers to work with privacy experts and adopt automated test suites to improve privacy protections. They also said they plan to release additional tools and datasets to support ongoing privacy testing.

Academic study evaluates eight browser agents for privacy and security risks

A 2025 academic study assessed eight popular browser agents, including ChatGPT Agent, Google Project Mariner, and Amazon Nova Act, and identified 30 vulnerabilities across five privacy and security risk areas. The findings included issues such as off-device language model use, outdated browser versions, weak phishing and TLS warning handling, cross-site tracking weaknesses, automatic acceptance of privacy prompts, and unnecessary disclosure of personal data.
