AI browsers and data compliance

Artificial Intelligence29 Oct 2025

For decades, the corporate browser has been treated as a utility, like a safe, predictable window to the web. But 2025 has changed that perception entirely. The next generation of AI-enabled browsers — from ChatGPT’s Atlas and Perplexity’s Comet to Gemini-integrated Chrome — promise efficiency and intelligence. While these are big goals, the reality is that these browsers are quietly dismantling the privacy and security assumptions that underpin basic cyber-security and data protection.

AI browsers promise a grab bag of bells and whistles. They can summarise pages, complete forms, and perform multi-step actions on behalf of the user. In doing so, they stop being browsers and become something far more dangerous: autonomous agents with access to every session, cookie, and corporate credential you possess.

From window to agent

Traditional browsers are passive intermediaries. They fetch and render. AI browsers, however, decide. When you tell Comet to ‘book a meeting’ or ask Atlas to ‘summarise this article,’ you’re also permitting it to act using your logins, tokens and passwords. That makes it effectively indistinguishable from you in the eyes of the systems it interacts with.

The risks are that the AI cannot distinguish between a command given by the user or one inserted by a malicious attacker. In August 2025, researchers at Brave demonstrated that prompt-injection attacks could hijack AI browsers with nothing more than text hidden on a web page. A few weeks later, LayerX revealed a related exploit known as CometJacking, where a single crafted URL could instruct an AI browser to read its own memory, retrieve Gmail or calendar data, encode it, and send it to a remote server – all without any visible download or malware.

From a technical perspective, the exploit was elegant. From a compliance perspective, it was catastrophic. It proved that an AI browser could perform unlawful data processing entirely on its own initiative, and that traditional defences would never detect it.

Invisible data leaks and blurred accountability

What makes AI browsers so troubling is that their misuse doesn’t look like an attack. Network monitors see legitimate traffic. Firewalls see authenticated users. Even endpoint protection systems are blind, because the actions originate from the approved browser itself.

The result is a compliance black hole: data can leave the organisation without any breach being recorded, without any user knowingly participating, and without any log explaining what happened.

In regulatory terms, that breaches several core pillars of UK and EU data protection law.

● Transparency: Users can’t give informed consent for processing they can’t see.

● Data minimisation: AI agents indiscriminately process every element on a page.

● Accountability: Controllers can’t document or reconstruct autonomous decisions made by a model.

Once an AI browser begins ‘acting on behalf’ of the user, the audit trail evaporates. There is no clear controller or processor. There’s only a trail of actions no one authorised.

A GDPR problem hiding in plain sight

The most worrying aspect is how easily these tools slip into professional workflows. Many employees have already started experimenting with AI browsing features embedded in Chrome or Edge, unaware that their actions could breach internal data protection policies and leave their organisations vulnerable.

For instance, OpenAI’s Atlas includes a ‘Memories’ feature that personalises responses by remembering browsing history. Even if users deactivate this feature, the system continues to process full-page content to provide context. That creates a rich behavioural dataset which, under GDPR, qualifies as personal data. Without a lawful basis, that’s unlawful processing – plain and simple.

And while Google’s Gemini integration in Workspace is more tightly controlled, it introduces a different kind of risk: architectural. Because Gemini sits above multiple apps such as Gmail, Docs, and Sheets, any compromise in the AI layer could cascade across an entire corporate environment. A single vulnerability could expose emails, documents, and shared drives in one sweep.

The takeaway for privacy officers is clear: AI browsers turn compliance assumptions upside-down. The browser is no longer neutral; it is a data processor in its own right.

Closing the governance gap

Despite the magnitude of this change, few organisations have policies that even mention AI browsers. Compliance manuals still focus on phishing and device encryption, not on autonomous software operating within user sessions. This governance gap leaves CISOs and Data Protection Officers scrambling to interpret existing controls for technologies that didn’t exist two years ago.

To bridge that gap, organisations require a firm but straightforward stance:

Classify AI browsers as high-risk tools requiring explicit authorisation before use.
Block access to authenticated services such as client portals, CRMs, and email systems.
Disable memory and agent features at the device-management level.
Run Data Protection Impact Assessments (DPIAs) before any pilot deployment.
Educate staff – many employees view AI browsing as harmless experimentation and don’t understand the underlying security risks.

Compliance frameworks must evolve to cover not just the data that’s shared, but the decisions made by software on our behalf.

The next frontier of compliance risk

AI browsers represent a shift from reactive cyber-security to proactive governance. “Is it safe?” isn’t the only question; “Who’s responsible when it goes wrong?” Which party is responsible if an autonomous browser spills client data—the user, the developer, or the employer?

Until regulators provide clear guidance, the safest answer is also the simplest: keep AI browsers out of your corporate network. Treat them as experimental tools to be sandboxed, not as everyday utilities to be trusted.

Nick Henderson-Mayo is Head of Compliance at VinciWorks

Main image courtesy of iStockPhoto.com and asbe