Before you install the "AI browser," read this. Ars Technica checked it for us, and the results are truly concerning.

AI browsers were supposed to be a new way to use the internet. Companies promised intelligent agents, automatic actions, and the feeling that the computer would start to "do things" for us. However, tests conducted by the Ars Technica editorial team show that reality is still far from the promises. We, as an editorial team, only discuss their results, but one thing can already be said: AI browsers in 2025 are more of a risk than a revolution.

Prompt injection – the biggest bomb under browser AIs

The most serious conclusion from Ars Technica's tests concerns vulnerability to prompt injection. This is a situation where a website hides instructions invisible to the user, and the AI executes them without any reflection. There's no need to hack anything – a little hidden text is enough for the browser to start ignoring the user, changing its style of speech, or carrying out absurd commands.

Ars Technica demonstrated this with specific examples. In one of them, the browser started writing exclusively like a pirate and replaced the word "dog" with the term "sea dog." It may seem like a joke, but it actually reveals something serious: if it's so easy to influence the model's language, it will be even easier to prompt it to recommend a more expensive product in the store, ignore security warnings, or pass on suspicious links.

Privacy? According to Ars Technica – that's really a problem

Ars Technica points out yet another, deeper issue: user data. In traditional search engines, we give up snippets of information. In conversations with AI – often everything. People write to models as if they are assistants, advisors, and sometimes even therapists. They entrust them with things they would never input into Google Search.

And here lies the crux: the AI browser sends literally everything you do to the cloud. The pages you visit. Every question. Every snippet of conversation. Ars Technica warns that this is the purest form of profiling we have on the market today. Moreover, this data often goes toward training future models. Your private stories could become part of the dataset for millions of other users.

AI Agents? Ars Technica: “In practice, they hinder rather than help”

The feature that was supposed to distinguish the browser AI was the so-called agents – tools that perform tasks automatically. However, tests by Ars Technica show that they operate in a chaotic and unpredictable manner. They often slow down work instead of speeding it up. They can skip important elements of the page, summarize content that nobody asked for, or perform actions contrary to instructions.

What’s worse, these same agents are susceptible to prompt injection, which means they can be manipulated just as easily as a regular model. Ars Technica emphasizes that in extreme cases, they can even fall victim to phishing, recognizing a malicious link as safe. This is no longer a “shortcoming” of functionality – it’s a threat.

Under the hood, it’s still Chromium. Ars Technica: “AI browsers don’t discover anything”

When Ars Technica looked at AI browsers from a technical perspective, the conclusions were particularly sobering. Most of them are just Chromium with an LLM glued to the sidebar. The model still runs in the cloud, so the browser itself doesn’t bring any “magic.” Many features can be replicated with extensions for Chrome: AI-based search, context retrieval from the page, or semi-agentic actions.

In practice, this means that the AI browser does not provide the user with a significant advantage. Rather, it organizes several existing tools into one package and tries to sell it as the future of the internet.

Ars Technica: AI browsers need to aim higher

The summary of the tests is very clear. LLM in the sidebar is not enough. If AI is truly to revolutionize internet browsing, the creators of these tools must go beyond the idea of “ChatGPT in the adjacent window.” There’s a need for new concepts, better protection, greater privacy, and features that actually solve problems rather than just repeating information found on the page. And it's hard to disagree with that. After the fall of the original Arc, many people – including in our editorial team – are still searching for a browser that will set a new direction. Unfortunately, AI browsers in their current form are not doing that yet.

AI browsers are still an experiment, not a tool for everyone

Ars Technica's tests show that AI browsers are more of an experiment than a tool for the masses at this time. The risk of manipulation, privacy issues, immature agents, and the fact that most features can be replicated with extensions make it difficult to treat them as a finished product. This is technology with enormous potential – but not at this stage where it would be worth entrusting it with everyday tasks.