Should you quit Chrome now?
The question is not if — it’s when. We will all use an AI browser soon. But which one, and how soon? Meanwhile, Chrome dominates on both PCs and mobiles and no pure-play AI browser is noisier than Comet. So for now this is one versus the other.
As with everything else AI related, the critical decision factor is security and privacy. Your web browser is your window on the world — and it’s not one way. It’s the most serious weak spot on your phone or PC. You look out as attackers look in.
In a stark new report today, SquareX says it has “exposed major vulnerabilities that could allow attackers to exploit AI Browsers to exfiltrate sensitive data, distribute malware and gain unauthorized access to enterprise SaaS apps.”
Perplexity is firmly in SquareX’s crosshairs. In its testing, SquareX says, “Comet fell prey to an OAuth attack, providing attackers with full access to the victim’s email and Google Drive. This allowed attackers to exfiltrate every file stored on the victim’s account, including those shared by colleagues and customers.”
That’s not all. In a separate attack, “the AI browser was completing tasks in the user’s inbox — a common use case advertised by Comet itself — when it ended up distributing a malicious link to the victim’s colleague through a calendar invite.”
This research follows a similar warning from LayerX, which says “a single weaponized URL, without any malicious page content, is enough to let an attacker steal any sensitive data that has been exposed in the Comet browser.”
According to LayerX, “an attacker only needs to get a user to open a crafted link, which can be sent via email, an extension, or a malicious site, and sensitive Comet data can be exposed, extracted, and exfiltrated.”
In reality, all the AI browsers need to catch up and harden their defenses. This is new and very thin ice, and we are only just beginning to understand the attack vectors.
“Despite claims of being more secure,” SquareX CEO Vivek Ramachandran told me, “autonomous agents with full user privileges can now operate without human oversight, lacking the security awareness and common sense of even a minimally trained user.”
Change is coming and it’s coming fast. Venn CEO David Matalon says “we’re seeing an interesting shift in browser usage among our customers’ remote employees and contractors. The use of novel, non-traditional browsers (not Chrome, Edge, or Safari) is up 14% year over year, driven largely by the promise of AI-powered productivity.”
Menlo Security’s Pejman Roshan, meanwhile, warns that browsers are the primary application we use “for almost everything. So should one switch from the leading browser to the new and exciting AI browsers? It depends on what matters most to you.”
And that drives timing. You will switch but you do need to decide whether the time is now. And if you do, beware the raft of warnings around AI browsers and agents.
As for the choice between Chrome and Comet, Google needs to change the narrative.
LayerX CEO Or Eshed says “AI browsers are going to become the primary interface for consuming AI technology. It’s still an emerging technology, but traditional browsers are already responding.” And so the choice is ultimately no choice at all.
In response to this latest report, Perplexity’s Kyle Polley told me “the vulnerability described by this report has nothing to do with AI. The report describes a situation where a human was phished and asked an AI agent to do what the human was already tricked into doing. (E.g., ‘go to this site and log in if needed’ yet the vulnerability is that the agent logged in.) The AI agent is doing what it’s told; if the enterprise security team had controls over that log in event, it would have been blocked for both the agent and the human. This vulnerability has existed for 20 years.”