A.I. browsers: the price of admission is too high (vivaldi.com)

New “AI browsers” from startups and incumbents are reshaping the web by returning AI-synthesized pages and agentic assistants that act inside tabs — but early tests reveal serious trade‑offs. Reviewers found AI results that omit source links and encourage users to stay inside a generated “walled garden.” Vendors openly describe harvesting rich behavioral data (including third‑party marketing enrichment) to personalize ads, while default or confusing opt‑in/opt‑out settings let browsing content be used to train models. Independent audits and studies deepen the alarm: a BBC/EBU study found AI assistants misrepresent news 45% of the time, NewsGuard reported leading models repeated pro‑Kremlin Pravda claims ~33% of the time, and Digital 2025 shows most people go online primarily to find information — exactly what these agents now mediate. Technically, the new risk profile mixes classic LLM failure modes (hallucinations, training on unaudited corpora) with agentic vulnerabilities: prompt‑injection and memory‑poisoning attacks, remote code execution exploits, and phishing exposure that one security firm says can make agentic browsers up to ~90% more vulnerable than traditional ones. Demonstrated hacks include malicious calendar invites that hijack an agent to delete customer data. Beyond privacy and misinformation, this raises legal, safety and economic questions (lawsuits against ChatGPT, unclear confidentiality protections, and opaque monetization). Safer design choices exist — isolate LLMs, limit agent permissions, and require auditable sources — but the community must act fast to prevent AI browsers from turning the web into a closed, monetized feed.