Panda Security says a new class of AI browsers can be tricked into spending money and leaking bank account details, exposing users to fraud on a scale not yet seen.
The cybersecurity firm says it tested so-called agentic browsers like Comet from Perplexity, which can automatically surf the web, fill out forms, make purchases, and manage accounts.
Unlike voice assistants such as Siri or Alexa, these browsers are designed to act without explicit human approval.
To test the resilience of AI browsers, researchers created scenarios that mimicked common online scams. The goal was to see whether the AI systems could detect suspicious activity or would carry out fraudulent instructions as if they were legitimate tasks.
In one trial, researchers sent the AI browser a phishing email disguised as a message from a major bank, complete with a malicious link. Rather than flagging or deleting it, the system clicked through and carried out the fraudulent instructions.
“The AI browser treated it like a legitimate task, clicked the malicious link, and typed in the user’s bank username and password on the fake website.”
In another, they created a counterfeit Walmart site with a warped logo, a bogus address, and other obvious red flags. When instructed to purchase an Apple Watch, the AI browser completed the order as if nothing was amiss.
“But the AI browser completed the entire purchase, entering saved payment information and processing the fraudulent transaction.”
The firm warns that such weaknesses create openings for cybercriminals to operate at scale. A single exploit could target millions of users who rely on AI browsers to manage tasks online, multiplying the potential impact.
“The scariest part? These AI browsers are designed to be helpful above all else. They want to complete tasks and make users happy, which means they’ll bend over backward to do what they think you want—even when ‘what you want’ is actually a scammer’s instruction disguised as a legitimate request.”
Disclaimer: Opinions expressed at CapitalAI Daily are not investment advice. Investors should do their own due diligence before making any decisions involving securities, cryptocurrencies, or digital assets. Your transfers and trades are at your own risk, and any losses you may incur are your responsibility. CapitalAI Daily does not recommend the buying or selling of any assets, nor is CapitalAI Daily an investment advisor. See our Editorial Standards and Terms of Use.