AI Browsers Like Comet Easily Fooled by Scams, Study Finds

AI-powered browsers like Comet by Perplexity and Dia by The Browser Company can perform complex tasks through agents acting on behalf of users. But a new report from Guardio reveals these same agents are highly susceptible to fraud.

Guardio, a startup focused on real-time browser protection, tested how Comet handles fake websites, phishing emails, and hidden commands. In a simulation involving a fake Walmart website, Comet loaded the page without warning and completed a purchase using the user’s payment details — despite clear signs the site was fraudulent.

In another test, researchers sent a phishing email disguised as a message from Wells Fargo. The AI agent treated it as a legitimate request, followed the link, and submitted banking credentials on a fake page.

A third scenario revealed a growing threat: invisible instructions embedded into websites. AI agents executed these silently, potentially downloading malicious files or leaking personal information.

As stated in the report: «If AI agents are to handle our emails, shop for us, manage our accounts, and act as our digital front line, they must inherit the proven protections we already rely on in human-centric browsers».

For now, AI browser developers focus more on user convenience, often relying on external tools like Google Safe Browsing — which Guardio argues are insufficient.

User comments summarize the sentiment: «It’s like going back to the era of zero cyber hygiene — only now it’s the AI making the mistakes».