Before you install the "AI browser," read this. Ars Technica checked it for us and the results are really concerning.

AI browsers were meant to be a new way of using the internet. Companies promised intelligent agents, automated actions, and the impression that the computer would start to "do things" for us. However, tests conducted by the Ars Technica editorial team show that reality is still far from the promises. We as an editorial team only discuss their results, but already one thing can be said: AI browsers in 2025 are more of a risk than a revolution.

Prompt injection – the biggest bomb under AI browsers

The most serious conclusion from the Ars Technica tests concerns vulnerability to prompt injection. This is a situation where a website hides invisible instructions from the user, and the AI executes them without any reflection. There’s no need to hack anything – just a bit of hidden text is enough for the browser to start ignoring the user, changing its style of speech, or executing absurd commands.

Ars Technica demonstrated this with specific examples. In one of them, the browser began to write exclusively like a pirate and replaced the word "dog" with the term "sea dog." It looks like a joke, but it actually reveals something serious: if it’s so easy to influence the model’s language, it will be even easier to prompt it to recommend a more expensive product in the store, ignore security warnings, or pass along suspicious links.

Privacy? According to Ars Technica – this is a real problem

Ars Technica points out yet another, deeper issue: user data. In traditional search engines, we provide fragments of information. In conversations with AI – often everything. People write to models as if they were assistants, advisors, and sometimes even therapists. They entrust them with things they would never type into Google Search.

And here lies the crux: the AI browser sends literally everything you do to the cloud. The pages you visit. Every question. Every fragment of conversation. Ars Technica warns that this is the purest form of profiling we have on the market today. Moreover, this data often ends up being used to train future models. Your private stories could become part of the dataset for millions of other users.

AI Agents? Ars Technica: “In practice, it hinders rather than helps”

The feature that was supposed to differentiate the browser AI was the so-called agents – tools that perform tasks automatically. However, tests by Ars Technica indicate that they operate in a chaotic and unpredictable manner. Often, they slow down work instead of speeding it up. They can skip important elements of the page, summarise content no one asked for, or perform actions that contradict the instructions.

What’s worse, these same agents are susceptible to prompt injection, which means they can be manipulated just as easily as a regular model. Ars Technica emphasises that, in extreme cases, they could even fall for phishing, meaning they might recognise a malicious link as safe. This is no longer a “flaw” in the functionality – it’s a threat.

Under the hood, it's still Chromium. Ars Technica: "AI browsers aren't discovering anything"

When Ars Technica took a technical look at AI browsers, the conclusions were particularly sobering. Most of them are just Chromium with an LLM tacked onto the sidebar. The model still operates in the cloud, so the browser itself doesn't bring any "magic." Many features can be replicated with Chrome extensions: an AI-based search engine, context fetching from the page, or semi-agent actions.

In practice, this means that the AI browser doesn't give the user any significant advantage. Rather, it organizes a few existing tools into one package and tries to sell it as the future of the internet.

Ars Technica: AI browsers need to aim higher

The summary of the tests is very clear. LLM in the sidebar is not enough. If AI is to truly revolutionise browsing the internet, the creators of these tools must move beyond the idea of "ChatGPT in a window next door." There is a need for new concepts, better protection, greater privacy, and features that actually solve problems rather than just repeating information found on the page. It's hard to disagree with that. After the fall of the original Arc, many people – including in our editorial team – are still searching for a browser that will set a new direction. Unfortunately, AI browsers in their current form are not doing that yet.

AI browser is still an experiment, not a tool for everyone

Tests by Ars Technica show that AI browsers are currently more of an experiment than a tool for the masses. The risk of manipulation, privacy issues, immature agents, and the fact that most features can be replicated with extensions make it hard to consider them a ready product. It’s a technology with enormous potential – but not yet at a stage where it’s worth trusting with daily tasks.