Exploring Agentic Browser Privacy

Lately I’ve been thinking about what happens to web privacy when the browser stops being a passive viewer and starts acting on your behalf. AI-powered browsers and web agents are already here: they fill out forms, click buttons, navigate sites, and make decisions, all without you directly doing any of it.

That changes the threat model in ways I find genuinely interesting. The traditional web privacy story is about third-party trackers watching what you do. But what does that look like when it’s an agent doing the browsing? Who does it share context with? What does it leak?

I’m still early in exploring this space, but one paper I’m planning to read is Agentic Browsers and the Same-Origin Policy, which looks at how existing browser security boundaries hold up, or don’t, in agentic settings.

More to come as I dig in.

Other links on my reading list:

• Indirect Prompt Injections and Google’s Layered Defense Strategy for Gemini
• Comet and Prompt Injection