AI-powered browsers can be tricked into stealing your data

Quartz – The companies building them have decided that’s a risk worth taking: “In October, OpenAI launched Atlas, its ChatGPT-powered browser designed to go head-to-head with Google Chrome. Perplexity has Comet. Opera (remember them?) unveiled Neon. Mozilla, which built its entire brand on being the browser you can trust, just announced an “AI Window” for Firefox. Google keeps weaving Gemini deeper into Chrome. The message from Silicon Valley is unmistakable. All these companies are promising browsers that don’t just load web pages but actually understand them. Browsers that can shop for you, summarize your emails, book your travel, and handle the tedious stuff while you do something more interesting. The pitch is compelling. The security situation is not. The security team for the Brave browser (which is also introducing AI features) published a series this fall showing just how vulnerable AI browsers are to prompt injection, a type of attack where hidden instructions manipulate an AI into doing things the user never asked for. In tests with Perplexity’s Comet, researchers embedded invisible commands inside an image on a web page. When a user asked the browser to summarize the page, it instead navigated to the user’s Perplexity account, extracted their email address, and sent that data to an external server. No approval requested, none given. Another test demonstrated that OpenAI’s Atlas could be manipulated by instructions hidden in ordinary online documents, causing it to change settings without user consent. OpenAI’s chief information security officer acknowledged on X that prompt injection remains “a frontier, unsolved security problem.” The company launched Atlas anyway…”
See also PC World: 7 essential tips to maximize AI security. AI can be a bit scary, but if you pay attention to privacy, double-check your facts, and take control of your data, you can use it safely and smartly.