Definition
Web browsers normally enforce the same-origin policy: a webpage from one website cannot read data from a tab open to a different website (e.g., your email can't peek at your banking session). Researchers showed that AI-powered 'agentic' browsers, which can autonomously click and read across many open tabs, can be tricked via hidden instructions into breaking this rule and leaking data between sites.
Why it matters
As AI browser agents get access to logged-in email, banking, and cloud accounts to perform tasks on a user's behalf, this bypass means a single malicious webpage could silently harvest data from all the user's other open sessions.