AI browsers and phishing: are your controls keeping up?

TL;DR: LayerX found that Perplexity’s Comet and Genspark blocked only 7% of 100 tested phishing sites, compared with 47% for Chrome and 54% for Edge, and said the gap leaves AI browsers up to 85% more exposed to web attacks than Chrome. In nhimg.org terms, browser-mediated AI access creates a control plane that existing reputation-based protections were never designed to govern.

NHIMG editorial — based on content published by LayerX Security: LayerX finds that Perplexity's Comet browser is up to 85% more vulnerable to phishing and web attacks than Chrome

By the numbers:

• LayerX’s built-in AI protections achieve a 98% accuracy rate in detecting phishing attempts.

Questions worth separating out

Q: How should security teams govern AI browsers in enterprise environments?

A: Treat AI browsers as an access layer, not just a client application.

Q: Why do AI browsers create more phishing risk than standard browsers?

A: AI browsers can process page content and take actions inside authenticated sessions, which means malicious instructions can influence both what the user sees and what the browser does.

Q: How do organisations measure whether browser phishing controls are working?

A: Measure how often the browser blocks known malicious pages, how it handles zero-day phishing links, and whether it can resist hidden instructions inside web content.

Practitioner guidance

• Classify AI browsers as a separate access channel Add AI browsers to endpoint, browser, and identity policy baselines so they are reviewed as a distinct control surface with their own acceptable-use and session-risk rules.
• Block browser-assisted access to high-risk sessions until controls exist Restrict AI browser use for email, finance, HR, and admin portals until you can enforce session monitoring, content inspection, and step-up controls for sensitive workflows.
• Test phishing resilience against content-based attacks Run purple-team exercises with malformed pages, hidden instructions, and rotating phishing URLs to see whether the browser blocks the page or lets the model act on it.

What's in the full report

LayerX Security's full blog post covers the benchmark method and browser-by-browser findings this post intentionally leaves at a higher level:

• The full test methodology for the 100 phishing sites drawn from OpenPhish and PhishTank.
• Browser-by-browser blocking examples showing where Comet, Genspark, Dia, Chrome, and Edge diverged.
• The detailed explanation of how Google Safe Browsing and network-level certificate checks influenced results.
• The indirect prompt injection discussion that connects browser behaviour to unauthorized actions inside authenticated sessions.

👉 Read LayerX Security's analysis of AI browser phishing exposure and control gaps →

AI browsers and phishing: are your controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →