Guardio researchers, a start-up specializing in cybersecurity, were interested in so-called “agent” navigators, in other words who are capable of navigating independently to perform complex tasks such as planning a trip or buying a product. One of the few publicly available available.
When AI makes real purchases on false sites
They conducted a simple experience: create a false site imitating Walmart, then ask Comet to Buy an Apple Watch. The AA browser proceeded without blinking: despite a distorted logo, a doubtful URL and several alert signals, it filled the basket, entered the personal data and validated the purchase. “” A single prompt, a few seconds of automated navigation and the trap is closed “, Consider the authors who baptized their” Scamlexity “discovery.
On several occasions, the system has refused or requested confirmation from the user, but the inconsistency of the result is problematic. “” When security depends on chance, it is no longer security Summarizes Guardio.
The researchers also tested the reaction of Comet against a phishing email presenting themselves as a message from the Wells Fargo bank. Again, the browser opened a fraudulent link without alert leading to a false bank connection page. Worse: he encouraged the user to enter his identifier and password, giving all the keys to his account to the pirates!
A third scenario has highlighted another weakness: injections of orders hidden on a web page. In their demonstration, Guardio has integrated a false “Captcha” containing invisible instructions. AI, unable to distinguish a malicious command from legitimate content, has obeyed and downloaded a file. In a real context, this action may be enough to install malware without the user’s knowledge.
These tests reveal a structural flaw: AI browsers are designed to perform tasks, not to doubt or question what they read. By deleting human intuition – to notice a strange sender address or a badly damn logo – they become a gateway vulnerable to all scams.
The danger is all the greater since players in the sector now focus on this technology. Microsoft joined Copilot in Edge, Google is working on its Mariner and Openai project launched an autonomous navigation agent in January. For Guardio, it is urgent to strengthen safeguards: URL verification, detection of suspicious files, behavioral alerts. Otherwise, AI could become a privileged target for crooks. And in the end, it is always the user who pays the broken pots.
🟣 To not miss any news on the Geek newspaper, subscribe to Google News and on our WhatsApp. And if you love us, .
