Gartner has issued a significant warning regarding the use of AI browsers, stating that they pose major cybersecurity risks and should be blocked for the foreseeable future. According to Gartner, these browsers, which include features that allow users to interact with content and automate tasks, may lead to serious vulnerabilities, such as prompt injection attacks that can expose sensitive data, including user credentials. Gartner emphasizes that the risks associated with AI browsers are not yet fully understood, and it could take years to grasp their potential dangers. The organization advises businesses to avoid these technologies to prevent data loss and security breaches. Meanwhile, individual users should also exercise caution, as the functionality of these browsers could inadvertently lead them to malicious websites, further heightening the risk of exposure to cyber threats.
Google is enhancing user security for Chrome’s agentic features, which allow browsers to perform tasks like booking tickets and shopping on behalf of users. The company is implementing a User Alignment Critic model to ensure that the tasks proposed by the planner model align with user goals, focusing on metadata rather than the actual web content. To mitigate security risks, Google has established Agent Origin Sets that restrict access to certain site origins and prevent cross-origin data leaks. Users will also retain control over sensitive actions, such as navigating to banking sites, with the agent requiring explicit permission for actions involving personal data. Additionally, Google is employing a prompt-injection classifier to thwart unwanted actions and is actively testing its capabilities against potential security threats.
A recent report highlights the growing shift from traditional passwords to passkeys for secure authentication. According to the FIDO Alliance, over 2 billion passkeys are currently in use, marking a significant trend towards phishing-resistant multifactor authentication. This method, which utilizes cryptographic key pairs stored on devices, has been adopted by major companies including Amazon, Google, and Microsoft. Early adopters of passkeys reported a 30 percent higher sign-in success rate and a 73 percent reduction in sign-in time compared to other methods, indicating a strong preference for this more secure and efficient approach to identity verification.
Why do we care?
This is one of those moments where the security community collectively says, “Stop. This isn’t ready.” Gartner rarely drops a full stop-sign on a technology, but AI browsers earned one. And honestly, they’re right. Putting an AI agent inside a browser—the place where all your credentials, tokens, and sensitive workflows live—creates a blast radius we don’t even know how to measure yet. This is the definition of harm that’s hard to unwind.
Google’s trying to engineer its way around the problem with alignment critics and classifiers, but notice what’s missing: confidence. These are band-aids on an architecture never designed for agents. If an attacker can manipulate the page, they can manipulate the agent. And once the browser starts acting on your behalf, that becomes a very real risk.
Now look at the contrast: passkeys are actually solving a long-standing problem. They reduce phishing, improve success rates, and streamline the login experience. Identity is getting better right as browsing is getting more unpredictable. That’s a weird tension for MSPs to manage.
This is one of the few times where the security advice is both simple and urgent: block AI browsers for now. Don’t let your customers be the test case. Focus instead on the identity improvements that are actually ready—passkeys, phishing-resistant MFA, and reducing password dependencies. The future of secure browsing might eventually involve agents, but the current generation is not where you want business data to live. I was testing them – I just uninstalled them.

