Orion Browser has found another reason to push back against AI-powered browsers, and this time it’s pointing to new academic research.
The browser maker shared a post on X highlighting a study from the University of Washington that looked at security in so-called agentic browsers. Orion’s takeaway was pretty straightforward. If a browser doesn’t have an AI agent built into it, it doesn’t have to worry about this particular class of attacks.
The paper focuses on the same-origin policy, a security rule that’s been around for decades. It’s what stops one website from freely reading data from another. According to the researchers, AI agents complicate that because they’re designed to pull information from multiple tabs and websites while completing tasks for the user.
That becomes a problem if someone manages to trick the AI.
As part of the research, the team showed an attack against OpenAI’s ChatGPT Atlas. A malicious webpage was able to feed hidden instructions to the browser’s AI agent, which then pulled information from another site and sent it to a form controlled by the attacker.
The researchers didn’t stop there. They also found that Chrome with Gemini, Claude for Chrome, and Perplexity Comet all met the conditions needed for similar attacks, although they didn’t demonstrate full exploits against each one.
Orion says this is exactly why it has stayed away from shipping built-in AI features. In its post, the company pointed out that browser agents work with your cookies, your logged-in accounts, and your active sessions. If an attacker manages to manipulate the agent, they aren’t just targeting one website anymore.
This isn’t the first paper to raise concerns about prompt injection either. Brave’s security team recently published its own research showing that even local AI assistants aren’t completely safe. Their proof of concept targeted Cotypist and showed how hidden instructions inside webpages could influence the assistant, despite everything running on the user’s own machine.
The University of Washington researchers aren’t saying people should stop using AI browsers. Their recommendation is a lot more measured. They argue that browser vendors still have work to do before these agents can safely operate with broad access across the web.
Orion, unsurprisingly, sees things differently. It says the easiest way to avoid these risks is not to build an AI agent into the browser in the first place.
The post Orion Browser points to recent UW study to argue AI browsers aren’t safe yet appeared first on PiunikaWeb.