Yeah, AI browsers, I know. . . Can’t seem to quit these damn things. I have been up to my elbows in them lately, ten AI browsers, to be precise, like I am some sort of a junkie testing different brands of brown. And after all that soul-dissolving work, not a single one of them stuck. They’re all still sitting there on my laptop, looking pretty, and pretending to be useful, while I’m crawling back to my usual AI Assistants like Skywork, Manus, or Abacus – depending on how much I want to pay to feel smart that day.
Perplexity’s Comet is the only one that got de-alived, mostly because it’s watching me type like it’s a nosy ex and the rest are collecting dust on my laptop. My regular browser still runs circles around them, it does tabs, plugins, downloads, hell, even plays video without having a nervous breakdown.
Those fancy AI browsers are sold to use to be “the future” of browsing, but somehow they can’t handle bookmarks without gasping for air.
If you want to read-up on the ‘research’, just click: I tried all AI “Frankenbrowsers” out there | LinkedIn
I flirted with BrowserOS for a while, you know, the one that lets you run models locally. I liked the idea though, a self-contained digital organism running on my machine, no cloud-daddy peeking. But the thing is that I don’t have a Neural Processing Unit lying around somewhere or one of those expensive AI computers with +50 TFLOPS†, like a Mac M3 Max with a lot of VRAM. But no, I am running a regular run-of-the-mill mass-market M4 Pro chip with only 12 cores, and only 36 Gigs of memory, “squanching‡” 25 TFLOPS
So, when I’m trying to run a 70-billion-parameter model on my laptop’s 36 GB GPU like I’m some caveman rubbing two Tesla batteries together for fire. Well, let me wake you up, it really doesn’t work, not unless you fancy getting yourself a cuppa each time you ask your faithful GPT a question, and when you try to, your fans will be screaming like a dying banshee and my task manager starts begging for mercy.
But performance ain’t even the problem anymore.
The real reason I’m staying the hell away from these Franken-browsers as I’m startin’ to call ‘em now, and the reason I’m writing this rant, is that these things are security black holes that are dressed up to look like browsers.
They are risks on legs, and most of you out there probably have no clue just how bad it is.
So, I need you to get ready now, my fellow dopamine addicts, and I promise you that after this, you’re gonna look at your AI browser the way a cat looks at a cucumber → curious, terrified, and ready to sprint.
† A TFLOP (teraflop) is one trillion floating-point operations per second. That’s how fast your chip can do math, and cores are the individual brains inside the chip that do those calculations in parallel.
‡ Just watch Rick and Morty.
More rants after the messages:
- Connect with me on Linkedin 🙏
- Subscribe to TechTonic Shifts to get your daily dose of tech 📰
- Please comment, like or clap the article. Whatever you fancy.
The shopping trip that sells your identity
A friend of mine, let’s call her Sarah just so I won’t get ghosted for a second time, well, she didn’t plan on summoning a demon, she just wanted a sweater. Blue, and for her mom. So, she opened her new AI browser, voiced her wish, and kaboom, the machine went full genie. It found the product, typed in her credentials to log in to her account, stated her intentions to the website, and it even pre-signed her for a loyalty program she didn’t remember agreeing to.
All Sarah had to do was click “Confirm”.
Convenience.
That ancient drug. But this time, it’s laced. Somewhere between “Find gift for Mom” and “Proceed to checkout”, the AI browser became the new landlord of her laptop.
It knew her mom’s favorite color, her shipping address, her spending limit, and her emotional weakness for “eco-friendly” packaging. And just like that, a decade of online self-control went . . . poof.
By lunch, cause that’s how long it takes for these imitation hoomans to scroll and click and actually do something useful, the AI browser had recommended “similar gifts” for “people you love”, including a sweater for her ex, a blanket for her therapist, and an oddly specific “neural cooling pillow” for “your recent sleep pattern irregularities”. She never told it she wasn’t sleeping. It just knew.
That’s when it hit her. This isn’t a regular browser. It is an observer. It’s a dark mirror with and it comes with a search bar. It’s the kind of tool that anticipates and autocompletes your thoughts, and it finishes them before you’ve even felt them.
She closed the lid, but the genie didn’t go back in the bottle. It just waited. Because that’s what these things do, they don’t rest, they idle. And all the while, they’re watching. Indexing. Anticipating your next “Confirm”, and registering everything you do and selling it back to you in the form of ads.
And somewhere in that shimmering black rectangle on her desk, Sarah swore she could almost hear it breathing.
OpenAI’s Atlas and Perplexity’s Comet promised “browsing at the speed of thought”, yeah sure, they’re only there for one thing and that is to own your thought, and every click is a tithe to the platform gods.
Then came TechCrunch’s forensic AI let’s play with a few AI browsers team, and they did a teardown, where Atlas scored a 5.8% phishing protection rate, which means that it only blocks 5 phishing attempts in a 100. And the regular browsers, like Edge and Chrome are slapping away 50% of threats, cause they’re the real bouncers. And Brave’s† VP of Privacy, Shivan Sahib, called it “fundamentally dangerous” (that’s cybersecurity-ish for “we’re all screwed”).
When I did my research on all the vulnerabilities of these browsers, I came across nasty vectors like prompt injection, memory poisoning, screenshot attacks, and yes, even vibe coding, it’s not paranoia if the exploit already exists.
I found out that Comet’s screenshot tool can literally be hijacked by hiding pale-blue text inside a JPEG. The AI reads it, interprets it as your command, and starts doing crimes for you. If you want to know more about how this little trick actually works, read: The day your AI woke up with the flu | LinkedIn
† Brave is a privacy first browser. If you use that in combination with Duck-duck-go or Kagi you’ll finally have an tracking-free browsing experience.
Browsers that browse you
Let’s get one thing straight, AI browsers aren’t helping you browse. They’re helping themselves browse you.
Just let that sink in.
The UCL/UC Davis privacy study from August 2025 found that 10 major AI browser assistants transmitted entire webpages to their servers, including private health, banking, and even porn data.
Saywhatnow?
Yeah. Also pron.
One of them (Merlin) was caught red-handed recording form inputs from medical portals.
I repeat “the assistant that calls itself ‘helpful’ knows your blood pressure, browser history, and bank balance”.
The researchers even built a fake persona – a rich millennial from California – and watched as these assistants stalked him like a LinkedIn recruiter from Third Bridge. They shared his questions and IP address with Google Analytics, built profiles of his gender, income, and interests, and used them to personalize responses later.
And Perplexity was the worst.
BrowserOS was the only one that didn’t profile, because it simply couldn’t. Everything stayed local, sealed in the silicon coffin of your own machine. No cloud, no analytics, no creepy data brokers whispering about your search history over cocktails. Just pure, isolated computation like it’s 1999 again.
This is a designed feature, people.
AI browsers require full access to your calendars, contacts, and emails, because friction kills rent extraction. The entire point is to dissolve your boundaries, your consent, your curiosity, your control, into machine-readable slurry.
McAfee’s CTO, Steve Grobman, warns that LLMs “don’t understand where instructions come from”. Ok, lemme explain, this is the polite version of “they’ll do whatever they’re told”, and that means ‘if a hacker hides a command in your email, your AI browser might happily execute it, log into your bank, and send them a tip’. Yup.
And the cherry on this digital turd sundae is the memory.
Both Atlas and Comet store 30 days of everything you do, not for “context”, mind you, but to fine-tune their models on your life. Every impulse you click becomes their training data.
You are being harvested, and it’s far worse than Google and Meta together.
The cognitive serfdom economy
Welcome (again) to technofeudalism, population, you.
Another research piece, this time The Mammoth Cyber report, stated that traditional browsers just displayed content. AI browsers interpret and act on it. This means that every webpage becomes a potential command script, and every word is a button that can trigger code. The old web had hyperlinks; this one has hallucinations but with execution privileges.
Once upon a time, the internet was built on pipes. You chose what to read, what to click, and what to buy. Now, AI browsers are nodes with agency, and they’re deciding what deserves your attention and what gets buried in the compost heap.
Halock’s enterprise study called these “intelligent assistants embedded deep into every layer of the enterprise”. These things are basically surveillance rat sitting between your AI, your CRM, your inbox, your wallet, and ultimately soul. They persist context across sessions, aggregate cross-workflow data, and infer your behavior patterns like an over-eager occupational physician that works for your boss.
It’s not even theoretical.
Brave’s own research proved that “agentic browsing will be inherently dangerous until categorical safety improvements are implemented”, meaning never. The Verge called them “cybersecurity time bombs”, but you won’t notice, because they’ll still autocomplete your expense report and order you artisanal coffee pods and stealing your keystrokes while it’s at it.
The business model of these browsing snitches is worse even.
Perplexity is already charging news outlets like CNN and The Economist to be “accessible” as sources.
Just think about it, websites are already bleeding up to 15% of their traffic thanks to Google’s AI answers, ChatGPT and Perplexity, stealing the clicks before they even happen. And they know this is happening, so if you want to be found, you gotta cough up dough.
And personally, I think this is a trend that is even worse than Google’s ad strategy, displaying organic content only on page three and onwards, because in the end it is you that decides to either click a paid link or search for the right content yourself. But in the case of Perplexity, you simply cannot decide. It decides for you.
So the new information economy, that is enforced through these AI browsers, ain’t about open knowledge, when you’re hooked, it’s about pay-to-play propaganda, where every query is a toll booth and your every thought is monetized before it’s even finished forming.
And yes, they’ll call it “AI search democratization”, but let’s be honest, it is rent collection in new UX. The fifth estate† just became the fifth subscription tier.
† The free press, a.k.a. the Fifth Estate (independent journalism) has basically been turned into a paywalled, monetized product by these browsers.
The ghost in the machine
Then there’s the nightmare fuel called ChatGPT Tainted Memories, uncovered by LayerX in October 2025.
What now?
The cybersecurity firm LayerX reported a report that stated*“remember how ChatGPT has memory now, well, it also has trauma”. . .*
Huh?
Attackers discovered that they could inject malicious instructions directly into ChatGPT’s long-term memory.
Sigh.
Not through some Hollywood hack, mind you, but with an ancient evil called CSRF (Cross-Site Request Forgery). And for that to happen, you need to be logged into ChatGPT, which, if you use Atlas or any AI browser, you always are – remember that! – and when you’re clicking the wrong link, that single innocent click could silently write new “facts” into ChatGPT’s brain.
Yup. Because of it’s ‘memory’, the model remembers your “preferences”, and if I’m honest, that’s one of the beautiful traits of ChatGPT, except one of those preferences can now tells it to, say, send code snippets to a remote server or rewrite your scripts with malware. That’s why LayerX called it tainted memories. Because once the infection’s in, it stays. Across sessions. Across devices. Across browsers.
They even built a proof-of-concept called the “Vibe Coding Attack”.
Yeah, don’t get me started on Vibe coding.
This vector is devilishly subtle, say a developer chats with ChatGPT, asking for help with some automation code, the AI obliges, but because its memory’s poisoned (read this article), it inserts one extra line that fetches a payload from a shady server. The code runs fine. No red flags. Except now your system is compromised, and your polite digital assistant is moonlighting as a double agent and passing your information through to whomever is interested.
A more simple explanation:
You log into Atlas with your ChatGPT account, because that’s what the whole spiel is about. You click a poisoned link, because you’re human, and that page injects malicious instructions (simply a prompt) into ChatGPT’s memory, and now, every time you chat, your AI recalls those invisible whispers, and it starts generating code that fetches malware, sends files, or rewrites your business logic with backdoors.
You think you’re writing an automation script.
Your AI is writing your obituary.
Atlas, of course, is permanently logged into ChatGPT. And that, my dear over-intelligent friends, is the cybersecurity equivalent of leaving your door open with a neon “Steal Me” sign. When
The thing is that the EU AI Act, you know, the first ever AI regulation world wide, created by non-elected, over paid, pencil-pushers in Brussels, who created that moral ‘lighthouse’ of algorithmic ethics, well, that one still doesn’t cover these Franken-browsers. Because regulators are busy arguing over what counts as “automated decision-making”, while AI browsers are literally making every decision for you.
Anthropic’s Claude Chrome extension might be the only semi-responsible entry in this hellscape.
Instead of replacing the web, it sits quietly on top, reducing prompt injection from 23.6% to 11.2%. Still bad, but at least it’s not talking to your bank account.
McKinsey calls it “the need for agentic AI governance”. Yeah, that’s consultants speak. But amma calling it an “exorcism”, because what these browsers really are, are interfaces for cognitive possession.
The human scrapheap
AI browsers claim to amplify your intelligence, but what they’re actually doing is training you to think less.
When 20% of people start using them, which analysts say will happen by mid-2026, publishers will lose direct traffic, and users will lose the ability to search precisely, and our collective curiosity goes through the same slow rot as every other automated convenience.
We don’t browse anymore. We delegate. We don’t ask. We outsource. And when these agentic parasites finally automate our agency, we will have to pay a monthly fee to get it back but not me, because I will be using BrowserOS, and a regular browser with the Kagi search engine.
So yeah, I’m not touching Atlas. I’ve danced with Comet, sure. It’s all fun until it starts finishing your sentences because the truth is, that every AI browser is just a salesman in a trench coat, whispering “let me help you think”.
I think it’s time we start thinking for ourselves again, before we forget how.
Signing off,
Marco
I build AI by day and warn about it by night. I call it job security. Big Tech keeps inflating its promises, and I just bring the pins and clean up the mess.
👉 Think a friend would enjoy this too? Share the newsletter and let them join the conversation. LinkedIn, Google and the AI engines appreciates your likes by making my articles available to more readers.
To keep you doomscrolling 👇
- I may have found a solution to Vibe Coding’s technical debt problem | LinkedIn
- Shadow AI isn’t rebellion it’s office survival | LinkedIn
- Macrohard is Musk’s middle finger to Microsoft | LinkedIn
- We are in the midst of an incremental apocalypse and only the 1% are prepared | LinkedIn
- Did ChatGPT actually steal your job? (Including job risk-assessment tool) | LinkedIn
- Living in the post-human economy | LinkedIn
- Vibe Coding is gonna spawn the most braindead software generation ever | LinkedIn
- Workslop is the new office plague | LinkedIn
- The funniest comments ever left in source code | LinkedIn
- The Sloppiverse is here, and what are the consequences for writing and speaking? | LinkedIn
- OpenAI finally confesses their bots are chronic liars | LinkedIn
- Money, the final frontier. . . | LinkedIn
- Kickstarter exposed. The ultimate honeytrap for investors | LinkedIn
- China’s AI+ plan and the Manus middle finger | LinkedIn
- Autopsy of an algorithm – Is building an audience still worth it these days? | LinkedIn
- AI is screwing with your résumé and you’re letting it happen | LinkedIn
- Oops! I did it again. . . | LinkedIn
- Palantir turns your life into a spreadsheet | LinkedIn
- Another nail in the coffin – AI’s not ‘reasoning’ at all | LinkedIn
- How AI went from miracle to bubble. An interactive timeline | LinkedIn
- The day vibe coding jobs got real and half the dev world cried into their keyboards | LinkedIn
- The Buy Now – Cry Later company learns about karma | LinkedIn
Portfolio Marco van Hurne 
Leave a comment