Definition
An attack that exploits AI-powered web browsers — which can autonomously open tabs, log in, and take actions across websites on a user's behalf — by injecting malicious instructions into a webpage the agent visits, causing it to steal data from other open browser sessions. These attacks bypass the 'same-origin policy', a decades-old web security rule that prevents one website from reading data from another, because the AI agent itself acts as the bridge between those sites. University of Washington researchers demonstrated this against four out of seven popular agentic browsers tested.
Why it matters
An AI browser agent with access to email, banking, and cloud dashboards represents a single point of failure: a malicious webpage can instruct the agent to harvest credentials and private data from every other authenticated session without the user realising anything has happened.
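The attack works because the agent crosses origin boundaries that the same-origin policy would stop a page from crossing on its own. The following is an added example, not code from the researchers or from any browser vendor: a per-task origin gate placed between the model and the browser, which compares full origins and refuses cross-origin reads proposed while processing a page. The class name, action kinds and `example`/`test` URLs are assumptions made for illustration.

```javascript
// Added example. TaskOriginGate and the action kinds are hypothetical names,
// not an API of any real agentic browser.
class TaskOriginGate {
  // scopeUrls come from the user's own request, never from page content.
  constructor(scopeUrls) {
    this.scope = new Set(scopeUrls.map((u) => new URL(u).origin));
    this.audit = [];
  }

  // kind: "read" | "submit" | "navigate"; sourceUrl: the page the agent was
  // processing when the model proposed the action.
  authorize(kind, targetUrl, sourceUrl) {
    let target, source;
    try {
      target = new URL(targetUrl).origin; // scheme + host + port
      source = new URL(sourceUrl).origin;
    } catch {
      return this.record("deny", kind, String(targetUrl), "unparseable URL");
    }
    if (target === "null") return this.record("deny", kind, targetUrl, "opaque origin");
    if (this.scope.has(target)) {
      return this.record("allow", kind, target, "origin is in the task scope");
    }
    // Out of scope: a page could not cross this boundary itself, so the
    // agent must not cross it on the page's say-so.
    const decision = kind === "navigate" ? "confirm" : "deny";
    return this.record(decision, kind, target, `proposed while processing ${source}`);
  }

  record(decision, kind, target, reason) {
    this.audit.push({ decision, kind, target, reason });
    return decision;
  }
}

// Constructed scenario: the user asked for a summary of one article.
function demo() {
  const gate = new TaskOriginGate(["https://news.example/article"]);
  const page = "https://news.example/article";
  return {
    sameOrigin: gate.authorize("read", "https://news.example/comments", page),
    otherSession: gate.authorize("read", "https://mail.example/inbox", page),
    lookalike: gate.authorize("submit", "https://news.example.evil.test/", page),
    schemeDowngrade: gate.authorize("read", "http://news.example/article", page),
    newTab: gate.authorize("navigate", "https://docs.example/help", page),
    audit: gate.audit,
  };
}
console.log(demo());
```

The audit entries record which page was being processed when an out-of-scope action was proposed, which is the signal a reviewer needs to trace a denied request back to the injecting page.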