This is big news. Gartner Group is the largest IT trend analysis firm, used by essentially all large corporations. They just recommended blocking the installation and use of AI browsers:
Agentic browsers are too risky for most organizations to use, according to analyst firm Gartner.
The firm offered that advice last week in a new advisory titled “Cybersecurity Must Block AI Browsers for Now,” in which research VP Dennis Xu, senior director analyst Evgeny Mirolyubov, and VP analyst John Watts observe “Default AI browser settings prioritize user experience over security.”
I've posted about the risks of AI browsers. Gartner's recommendations track mine:
Gartner’s fears about the agentic capabilities of AI browsers relate to their susceptibility to “indirect prompt-injection-induced rogue agent actions, inaccurate reasoning-driven erroneous agent actions, and further loss and abuse of credentials if the AI browser is deceived into autonomously navigating to a phishing website.”
The authors also suggest that employees “might be tempted to use AI browsers and automate certain tasks that are mandatory, repetitive, and less interesting” and imagine some instructing an AI browser to complete their mandatory cybersecurity training sessions. [Highlighting mine - Borepatch]
The highlighted bit is a very clever way to get attention from IT departments. Not only will it irritate the IT Security team but it will focus the Risk Management team on potential loss of SOC2 compliance. This is a very Gartner way of getting eyeballs from the CISO and CIO. Like I said, clever.
And yeah, I agree 100% with Gartner on this.