Agentic Browser Security: 2025 Year-End Review

## Executive Summary The report surveys the 2025 rise of agentic AI browsers and catalogs a series of security discoveries and exploit demonstrations—prompt injection, indirect prompt injection (URL fragments), Task Injection, CSRF-based poisoning of persistent memory, and one-click data exfiltration techniques—while summarizing vendor mitigations (HITL, isolation, RL critics) and recommending isolation, human confirmation, and risk-limited use.