TL;DR: LayerX found that Perplexity’s Comet and Genspark blocked only 7% of 100 tested phishing sites, compared with 47% for Chrome and 54% for Edge, and said the gap leaves AI browsers up to 85% more exposed to web attacks than Chrome. In nhimg.org terms, browser-mediated AI access creates a control plane that existing reputation-based protections were never designed to govern.
NHIMG editorial — based on content published by LayerX Security: LayerX finds that Perplexity's Comet browser is up to 85% more vulnerable to phishing and web attacks than Chrome
By the numbers:
- LayerX’s built-in AI protections achieve a 98% accuracy rate in detecting phishing attempts.
Questions worth separating out
Q: How should security teams govern AI browsers in enterprise environments?
A: Treat AI browsers as an access layer, not just a client application.
Q: Why do AI browsers create more phishing risk than standard browsers?
A: AI browsers can process page content and take actions inside authenticated sessions, which means malicious instructions can influence both what the user sees and what the browser does.
Q: How do organisations measure whether browser phishing controls are working?
A: Measure how often the browser blocks known malicious pages, how it handles zero-day phishing links, and whether it can resist hidden instructions inside web content.
Practitioner guidance
- Classify AI browsers as a separate access channel Add AI browsers to endpoint, browser, and identity policy baselines so they are reviewed as a distinct control surface with their own acceptable-use and session-risk rules.
- Block browser-assisted access to high-risk sessions until controls exist Restrict AI browser use for email, finance, HR, and admin portals until you can enforce session monitoring, content inspection, and step-up controls for sensitive workflows.
- Test phishing resilience against content-based attacks Run purple-team exercises with malformed pages, hidden instructions, and rotating phishing URLs to see whether the browser blocks the page or lets the model act on it.
What's in the full report
LayerX Security's full blog post covers the benchmark method and browser-by-browser findings this post intentionally leaves at a higher level:
- The full test methodology for the 100 phishing sites drawn from OpenPhish and PhishTank.
- Browser-by-browser blocking examples showing where Comet, Genspark, Dia, Chrome, and Edge diverged.
- The detailed explanation of how Google Safe Browsing and network-level certificate checks influenced results.
- The indirect prompt injection discussion that connects browser behaviour to unauthorized actions inside authenticated sessions.
👉 Read LayerX Security's analysis of AI browser phishing exposure and control gaps →
AI browsers and phishing: are your controls keeping up?
Explore further
AI browsers are becoming a new identity control point, not just a new user interface. Once a browser can search, summarise, and act inside authenticated sessions, it starts to mediate access decisions that used to sit in the human layer. That changes the governance question from browser hardening alone to session trust, delegated action, and identity containment. Practitioners should treat browser choice as part of identity architecture.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- A separate finding from the same research shows that only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs.
A question worth separating out:
Q: Who is accountable when an AI browser enables credential theft or unauthorized access?
A: Accountability sits across endpoint security, identity governance, and application owners because the browser now participates in the access path. Organisations should assign ownership for AI browser policy, session containment, and acceptable-use enforcement before users adopt them broadly.
👉 Read our full editorial: AI browsers expose a new phishing control gap for enterprises