Gartner Urges Enterprises Block AI Browsers Over Data Leak Risks
Gartner advises blocking AI browsers like ChatGPT Atlas and Perplexity Comet due to irreversible data exposure, prompt injections, and untraceable leaks from cloud AI backends.
Analyst firm Gartner strongly recommends that organizations block all AI browsers immediately, citing severe cybersecurity risks from tools like OpenAI's ChatGPT Atlas and Perplexity Comet. These agentic browsers prioritize user experience over security, sending sensitive data such as open tabs, browsing history, and active sessions to cloud-based AI services without adequate safeguards. This leads to potential irreversible and untraceable data loss, undermining compliance in regulated environments.
Gartner's advisory, authored by analysts Dennis Xu, Evgeny Mirolyubov, and John Watts, highlights vulnerabilities like indirect prompt injections that trick AI agents into rogue actions, such as navigating to phishing sites or mishandling credentials. Autonomous agents in these browsers expand the attack surface by filling forms or performing tasks in logged-in sessions, exposing financial details or confidential information. Even hardened configurations fall short, as employees might unknowingly process sensitive data through AI sidebars for summarization or automation.
Enterprises face heightened risks in scenarios involving confidential or regulated data, where AI browsers could bypass security policies and enable malicious manipulations. Gartner stresses assessing backend AI services but advises outright bans for most organizations due to management burdens and persistent threats like inaccurate AI reasoning leading to errors. Technical mitigations, such as disabling storage or email functions, prove insufficient without continuous monitoring and strict policies.
