The Agentic Trap: Why the Web is Hostile Territory for AI 

The BrowseSafe paper shows that AI browser agents face fundamental security risks from prompt injection when they process untrusted web content; realistic attacks (distractors, role confusion, context-integrated rewrites) cause major models and safety classifiers to fail on the BrowseSafe-Bench. The authors argue that model-capability does not equal security and propose architecture-centric, zero-trust defenses—trust boundaries, lightweight parallel screening, conservative aggregation, and human-in-the-loop verification—to mitigate large-scale data-exfiltration and unauthorized actions that agents can perform.