philip lelyveld The world of entertainment technology

23 Dec 2025

OpenAI Admits Agentic AI May Never Be Secure

...

As Rami McCarthy, principal security researcher at Wiz, puts it, "A useful way to reason about risk in AI systems is autonomy multiplied by access." The more your agent can do, and the more data it can reach, the higher your exposure.

Agent mode in ChatGPT Atlas allows the browser agent to view webpages and take actions (clicks and keystrokes) inside your browser, just as you would. That's the value proposition. Security researchers responded by publishing demos showing it was possible to write a few words in a Google Doc that changed the browser agent's behavior. That's the vulnerability. ...

McCarthy's assessment is blunt: "For most everyday use cases, agentic browsers don't yet deliver enough value to justify their current risk profile." ...

Agents are synthetic employees and they should be treated as such. Start with minimum necessary permissions and expand only with clear business justification. Audit what your agents can access today. Require confirmation steps for anything involving money, messages, or sensitive data. ...
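The three recommendations above (start from minimum permissions and expand only with a justification, audit what the agent can reach, and require a confirmation step for money, messages or sensitive data), as an added Python illustration that is not from the Palmer article or this post; the tool names, tiers and the autonomy scale are constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Tier(IntEnum):
    READ = 1       # e.g. read a web page
    WRITE = 2      # e.g. edit a scratch document
    SENSITIVE = 3  # money, outbound messages, or private data (the confirmation rule)


# Constructed catalogue of tools the agent could be granted, each with its access tier.
TOOL_CATALOGUE = {
    "web.read": Tier.READ,
    "doc.edit": Tier.WRITE,
    "email.send": Tier.SENSITIVE,
    "payments.transfer": Tier.SENSITIVE,
    "crm.export": Tier.SENSITIVE,
}


@dataclass
class AgentPolicy:
    name: str
    autonomy: int                              # assumed scale: 1 = suggests only ... 3 = acts unattended
    granted: set = field(default_factory=set)  # allowlist; starts empty (least privilege)
    audit: list = field(default_factory=list)  # every grant and every call decision

    def grant(self, tool: str, justification: str) -> None:
        """Expand access only with a recorded business justification."""
        if tool not in TOOL_CATALOGUE or not justification.strip():
            raise ValueError(f"cannot grant {tool!r}: unknown tool or missing justification")
        self.granted.add(tool)
        self.audit.append(("grant", tool, justification))

    def risk(self, tool: str) -> int:
        """McCarthy's heuristic: autonomy multiplied by access (here, the tool's tier)."""
        return self.autonomy * int(TOOL_CATALOGUE[tool])

    def decide(self, tool: str, confirmed: bool = False) -> str:
        """Gate one requested tool call: 'deny', 'confirm' (needs a human) or 'allow'."""
        if tool not in self.granted:
            verdict = "deny"  # not in the allowlist, whatever the prompt or page asked for
        elif TOOL_CATALOGUE[tool] >= Tier.SENSITIVE and not confirmed:
            verdict = "confirm"  # money, messages, sensitive data: stop and ask a human
        else:
            verdict = "allow"
        self.audit.append(("call", tool, verdict))
        return verdict

    def access_report(self) -> dict:
        """What can this agent reach today? Granted tools with risk score, highest first."""
        return {t: self.risk(t) for t in sorted(self.granted, key=self.risk, reverse=True)}
```

The `audit` list is the record you review when asking what the agent can access and what it has tried to do; a "confirm" verdict is where the human approval step sits.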

See the full story here: https://shellypalmer.com/2025/12/openai-admits-agentic-ai-may-never-be-secure/
