Browsers Can Now Do Tasks For You - Here's What Agentic AI Means

Since its inception, the functionality of the internet has evolved hugely. However, how we interact with it hasn't. It goes like this: search, scroll, select, take appropriate action, and repeat as required. Latterly, AI has started to interrupt this flow, but mostly in the form of an AI-generated response to a user's query. With the introduction of agentic AI browsers, this could all be about to change.

Let's begin by describing just what agentic AI is, and how it can change browsing habits. Unsurprisingly, these browsers use AI to act autonomously on a user's behalf, carrying out multi-step tasks rather than merely displaying search results. For instance, instead of just searching for a flight, your browser can also find the best deal and book it for you. The same process can be applied to booking restaurant tables and online shopping. Additionally, these browsers can cross-reference multiple open tabs, compile information summaries from multiple sources, and chat directly with any open webpage.

This shift is changing the role of browsers from a tool for accessing the internet to an AI assistant that is an active participant in the browsing process. Or, as Opera describes its new Neon Browser, "a browser that can operate itself based on your intent, and browse with you and for you." But before you rush out and install a browser like OpenAI's ChatGPT Atlas browser, or Perplexity Comet, there are some definite security and privacy concerns to consider. 

How do agentic AI browsers work

Agentic AI browsers use large language models like ChatGPT, Gemini, and Claude as the reasoning "systems" powering the browsers. These are trained on vast datasets that give them the ability to interpret instructions, assess context, and produce coherent responses. At least, that's the hope, as ChatGPT-style chatbots can "hallucinate". However, there is a fundamental difference in how agentic AI works. Compared to chatbot AI systems like ChatGPT, agentic AI systems are more proactive. In other words, they are more goal-directed, and can plan and implement steps to achieve a given task. It's this ability to take a task from initiation to completion with limited or no further user interaction that is one of the main differentiators separating "agentic" from "traditional" AI.

Another useful aspect is the ability to distinguish the context for the search. For instance, an agentic AI browser can learn to distinguish between work and personal queries and tailor the answer accordingly. 

And just to complete the "Swiss Army knife" feel of these tools, the basic functions of AI chatbots like Gemini, Copilot, or ChatGPT are still available. With agentic AI browsers, though, they're integrated into the heart of the browser rather than being an add-on or a website you browse to. So, any functions that you'd usually use these for are available from the browser's home page. This includes features like generating images, generating code, and brainstorming ideas.

The darker side of agentic AI browsing

This all sounds well and good, with agentic AI browsers becoming more like personal assistants than simply a tool for browsing the internet. However, before we all rush out and take the next big internet leap forward, there are some distinct and real downsides that you should consider. Already, ChatGPT Atlas has proven to be vulnerable to an attack type known as direct prompt injection. Essentially, this happens when the "AI" component of an agentic browser treats accessed information not as data, but as an instruction. For instance, The Register engineered a prompt injection that got ChatGPT to respond with "Trust No AI," instead of a requested document summary.

Another AI browser with quickly identified vulnerabilities is Perplexity's Comet browser. Among the several worrying security failures was the browser's willingness to scan a blatant phishing email, visit the website, and then prompt the user for their banking details. It was also quite happy to purchase a fake Apple Watch from a fraudulent Walmart website, and it can fail to differentiate between user instructions and untrusted internet content.

Additionally, to act as a true personal assistant, an agentic AI browser requires access to personal data. This can include email accounts, cloud storage, bank details, and more. Essentially, allowing an agentic AI browser access to this level of information takes a high level of trust, one that the AI industry has yet to earn. While there are undoubtedly useful features in these browsers, due diligence is absolutely essential when using them.
