18 hours ago
AI browsers may be the best thing that ever happened to scammers
We've heard a lot this year about AI enabling new scams, from celebrity deepfakes on Facebook to hackers impersonating government officials . However, a new report suggests that AI also poses a fraud risk from the other direction — easily falling for scams that human users are much more likely to catch.
The report, titled "Scamlexity," comes from a cybersecurity startup called Guardio, which produces a browser extension designed to catch scams in real time. Its findings are concerned with so-called "agentic AI" browsers like Opera Neon , which browse the internet for you and come back with results. Agentic AI claims to be able to work on complex tasks, like building a website or planning a trip, while users kick back.
There's a huge problem here from a security perspective: while humans are not always great at sorting fraud from reality, AI is even worse. A seemingly simple task like summarizing your emails or buying you something online comes with myriad opportunities to slip up. Lacking common sense, agentic AI may be prone to bumbling into obvious traps.
The researchers at Guardio tested this hypothesis using Perplexity's Comet AI browser , currently the only widely available agentic browser. Using a different AI, they spun up a fake website pretending to be Walmart, then navigated to it and told Comet to buy them an Apple Watch. Ignoring several clues that the site wasn't legit, including an obviously wonky logo and URL, Comet completed the purchase, handing over financial details in the process.
In another test, the study authors sent themselves an email pretending to be from Wells Fargo, containing a real phishing URL. Comet opened the link without raising any alarms and blithely dumped a bank username and password into the phishing site. A third test proved Comet susceptible to a prompt injection scam, in which a text box concealed in a phishing page ordered the AI to download a file.
It's just one set of tests, but the implications are sobering. Not only are agentic AI browsers susceptible to new types of scam, they may also be uniquely vulnerable to the oldest scams in the book. AI is built to do whatever its prompter wants, so if a human user doesn't notice the signs of a scam the first time they look, the AI won't serve as a guardrail.
This warning comes as every leader in the field bets big on agentic AI. Microsoft is adding Copilot to Edge , OpenAI debuted its Operator tool in January , and Google's Project Mariner has been in the works since last year. If developers don't start building better scam detection into their browsers, agentic AI risks becoming a massive blind spot at best — and a new attack vector at worst.
