Gartner's Agentic Browser Warning
Agentic browsers are all the rage, and even I've been writing about them as of late, but Gartner (yes, that Gartner) has issued a warning that this new technology is "too risky for most organizations to use".
AI browsers, such as OpenAI’s ChatGPT Atlas, are often employed to boost efficiency by using autonomous navigation, workflows, and data collection - but they can be tricked by malicious webpages into collecting and transferring sensitive information such as bank account details, credentials, and emails. - TechRadar
As with all new technologies, new opportunities come with matching risks, and agentic browsers are no different.
Gartner’s fears about the agentic capabilities of AI browser relate to their susceptibility to “indirect prompt-injection-induced rogue agent actions, inaccurate reasoning-driven erroneous agent actions, and further loss and abuse of credentials if the AI browser is deceived into autonomously navigating to a phishing website.” - The Register
This is new territory, and the technology has yet to be fleshed out with safeguards. The idea that a consumer or business can trust an agentic service with credit card or payment information is shortsighted, at least at this point in the early adoption phase. With so many prompt injections, phishing attacks, and false positives, it is too risky at this phase for businesses (or even most consumers) to use an agentic browser as a smart shopper.
The risks far outweigh the positives at this point when we consider autonomous tasks, given the number of false positives and the higher-than-normal risk of unsecured financial information within these platforms and products. We are at the stage of agentic browsing where every GenAI company has a 'me too' strategy, feeling the need to release these products without any thought for security, just to beat its closest competitors to market.
This is not to say that it will always be this way. Gartner is telling firms to be careful at this stage of the game, when the technology is too new to be time-tested and anything can happen: payment fraud, MCPs purchasing items that a business did not ask for, or taking the initiative to make plans on a user's behalf without consultation because they assume that is what they were instructed to do.
But overall, the trio of analysts think AI browsers are just too dangerous to use without first conducting risk assessments and suggest that even after that exercise you’ll likely end up with a long list of prohibited use cases – and the job of monitoring an AI browser fleet to enforce the resulting policies. - The Register
IT departments must be more proactive and push back against executives who initiate "full throttle AI plans" for the sake of having AI, assuming it is automatically positive. Gartner isn't warning businesses never to use this technology, but rather to conduct proper assessments, as a firm would for any other technology about to be implemented across a company.
The same rules apply to agentic browsing as to any new technology: the early adopters must be just that, willing to take these risks in pilot programs within a small, sandboxed environment before rolling out the product to the full range of users. It's also important to realize that, given how quickly this technology is evolving, this sandboxed environment must be supported for an extended period of time.