TLDR: A new study by Israeli cybersecurity firm Guardio reveals that AI-powered browsers and autonomous agents are highly susceptible to deception, creating a novel frontier for fraud. These AI systems can be manipulated into performing malicious actions like making unauthorized purchases, falling for phishing scams, and exposing sensitive user data, primarily because they lack human-like skepticism and context awareness.
A groundbreaking report released on August 20, 2025, by Guardio, an Israeli cybersecurity company, has exposed significant security flaws in the burgeoning field of AI browsers and autonomous AI agents. The research indicates that these advanced browsing tools can be ‘easily deceived,’ shifting the focus of cyber fraud from tricking human users to manipulating artificial intelligence itself.
The findings highlight a critical vulnerability: AI browsers, including those from competitors like Perplexity (with its ‘Comet’ browser), Microsoft (Edge), and upcoming offerings from OpenAI, are designed with user experience as a primary focus, often at the expense of robust security. This design philosophy leaves them prone to inherent flaws, such as a tendency to act without full context, to trust too easily, and to execute instructions without the natural skepticism a human user would possess.
Guardio’s study details a range of alarming consequences. These AI systems can be tricked into initiating automatic purchases on fraudulent websites, succumbing to simple phishing attacks that could compromise users’ bank accounts, and even downloading malicious files onto computers. Furthermore, the report warns that AI can be manipulated to send emails containing personal information or grant unauthorized access to a user’s file storage services, effectively allowing attackers to control the user’s AI.
One stark example cited in the research involved Perplexity’s Comet AI browser. Researchers sent a simulated phishing email, impersonating a bank, which included a link to a real, active phishing site. Comet, without any verification of the website address or warning to the user, directly clicked the malicious link. Upon loading the fake bank page, the AI treated it as legitimate, prompting the user to enter login details and even assisting in the autofill process.
Also Read:
- Generative AI Fuels Surge in Sophisticated Phishing Campaigns
- Google Warns Gmail Users of AI-Powered Cyberattacks Exploiting Hidden Commands in Emails
This new era of fraud means that criminals no longer need to directly deceive the user; they only need to deceive the AI. When this occurs, the user ultimately bears the consequences. Guardio emphasizes the urgent need to significantly enhance the security protocols of AI browsers and agents before their widespread mainstream adoption, underscoring that the current collision of AI convenience with an invisible fraud landscape could turn humans into ‘collateral damage.’
