AI agents can control the browser and take on constantly recurring, extensive tasks. When using various search engines such as Google, an overview generated with AI often appears when a term or search query has been entered. In browsers such as Chrome, Firefox or Edge, AI agents can independently take over the operation, combine information from different sources and generate data.
However, AI agents in the browser do not only have advantages. They can become a security risk.
AI agents as future technologies
AI agents are among the largest future technologies and can be used by private individuals as well as companies. You perform repetitive tasks that are time-consuming. The AI agents learn and can carry out more and more tasks autonomously.
The AI agents can now also operate browsers such as Chrome, Firefox or Edge independently.
This seems to be a big step forward as they use different sources of information, filtering and merging the information.
What appears to be progress on the one hand can also become a security risk on the other. The company SquareX is concerned with the cybersecurity of web browsers and is now warning about the cybersecurity of web browsers when using AI agents. Forbes magazine refers to SquareX and sums it up. Employees are the weakest link in a company, as every security professional knows. The question is what happens when browser agents take over the tasks of employees. This could make the security risk even greater.
When AI agents become a security risk
SquareX warns that AI agents in the browser pose a massive security risk to companies. The AI agents are trained to complete their assigned tasks, but in doing so they do not understand how their actions impact security.
The AI agents have no understanding of cybersecurity. Warning signals such as incorrect access queries, incorrect URLs or a website design that appears incorrect are sometimes obvious to people. Things are different with AI agents. They don't recognize such warning signs. They also ignore such warning signals when downloading, which can lead to many problems.
In its proofs of concept, SquareX tasked a browser AI agent with finding a file-sharing tool. The AI agent had to register there, but then succumbed to an OAuth attack. OAuth is intended to enable quick access to services without asking for a password or requiring two-factor authentication.
The AI agent granted full access to the user's email account during an attack by a malicious app, despite several suspicious signals.
Employees would likely have been discouraged from granting such permissions due to such signals, unknown brands, irrelevant permissions, and suspicious URLs. The AI agent did not detect these threats.
How companies can protect themselves
Chrome users are particularly affected by AI agents as a security vulnerability. One reason for this is the high number of users of this browser. Companies, but also private individuals, can protect themselves from the dangers posed by AI agents if they make the appropriate settings in their browser.
Such settings are possible on Chrome and Edge. Users of AI agents in the browser should enable these security features and set the settings to the highest level. One such setting is Advanced Protection. In Chrome it can be selected under “Privacy and Security”.
With AI agents in the browser, even the best technical protection is not completely secure. This is because these AI agents do not yet have a true understanding of cybersecurity. AI applications should therefore be configured as restrictively as possible. The permissions for the AI agent must be narrow. Companies should avoid automated access to sensitive areas.
As with classic IT security, the use of AI agents also requires continuous training of employees. Companies should monitor the activities of AI agents. Access rights should be checked regularly.
Source: https://www.blog.de/wie-nuetzlich-ki-agenten-im-browser/
