TOPIC: OPERA
Comet and Atlas: Navigating the security risks of AI Browsers
2nd November 2025The arrival of the ChatGPT Atlas browser from OpenAI on 21st October has lured me into some probing of its possibilities. While Perplexity may have launched its Comet browser first on 9th July, their tendency to put news under our noses in other places had turned me off them. It helps that the former is offered extra charge for ChatGPT users, while the latter comes with a free tier and an optional Plus subscription plan. My having a Mac means that I do not need to await Windows and mobile versions of Atlas, either.
Both aim to interpret pages, condense information and carry out small jobs that cut down the number of clicks. Atlas does so with a sidebar that can read multiple documents at once and an Agent Mode that can execute tasks in a semi-autonomous way, while Comet leans into shortcut commands that trigger compact workflows. However, both browsers are beset by security issues that give enough cause for concern that added wariness is in order.
In many ways, they appear to be solutions looking for problems to address. In Atlas, I found the Agent mode needed added guidance when checking the content of a personal website for gaps. Jobs can become too big for it, so they need everything broken down. Add in the security concerns mentioned below, and enthusiasm for seeing what they can do gets blunted. When you see Atlas adding threads to your main ChatGPT roster, that gives you a hint as to what is involved.
The Security Landscape
Both Comet and Atlas are susceptible to indirect prompt injection, where pages contain hidden instructions that the model follows without user awareness, and AI sidebar spoofing, where malicious sites create convincing copies of AI sidebars to direct users into compromising actions. Furthermore, demonstrations have included scenarios where attackers steal cryptocurrency and gain access to Gmail and Google Drive.
For instance, Brave's security team has described indirect prompt injection as a systemic challenge affecting the whole class of AI-augmented browsers. Similarly, Perplexity's security group has stated that the phenomenon demands rethinking security from the ground up. In a test involving 103 phishing attacks, Microsoft Edge blocked 53 percent and Google Chrome 47 percent, yet Comet blocked 7 percent and Atlas 5.8 percent.
Memory presents an additional attack surface because these tools retain information between sessions, and researchers have demonstrated that memory can be poisoned by carefully crafted content, with the taint persisting across sessions and devices if synchronisation is enabled. Shadow IT adoption has begun: within nine days of launch, 27.7 percent of enterprises had at least one Atlas download, with uptake in technology at 67 percent, pharmaceuticals at 50 percent and finance at 40 percent.
Mitigating the Risks
Sensibly, security practitioners recommend separating ordinary browsing from agentic browsing. Here, it helps that AI browsers are cut down items anyway, at least based on my experience of Atlas. Figuring out what you can do with them using public information in a read-only manner will be enough at this point. In any event, it is essential to keep them away from banking, health, personal accounts, credentials, payments and regulated data until security improves.
As one precaution, maintaining separate AI accounts could act as a boundary to contain potential compromises, though this does not address the underlying issue that prompt injection manipulates the agent's decision-making processes. With Atlas, disable Browser Memories and per-site visibility by default, with explicit opt-ins only on specific public sites. Additionally, use Agent Mode only when not logged into any accounts. Furthermore, do not import passwords or payment methods. With Comet, use narrowly scoped shortcuts that operate on public information and avoid workflows involving sign-ins, credentials or payments.
Small businesses can run limited pilots in non-sensitive areas with strict allow and deny lists, then reassess by mid-2026 as security hardens, while large enterprises should adopt a block-and-monitor stance while developing governance frameworks that anticipate safer releases in 2026 and 2027. In parallel, security teams should watch for circumvention attempts and prepare policies that separate public research from sensitive work, mandate safe defaults and prohibit connections to confidential systems. Finally, training is necessary because users need to understand the specific risks these browsers present.
How Competition Might Help
Established browser vendors are adding AI capabilities on top of existing security infrastructure. Chrome is integrating Gemini, and Edge is incorporating Copilot more tightly into the workflow. Meanwhile, Brave continues with a privacy-first stance through Leo, while Opera's Aria, Arc with Dia and SigmaOS reflect different approaches. Current projections suggest that major browsers will introduce safer AI features in the final quarter of 2025, that the first enterprise-ready capabilities will arrive in the first half of 2026 and that by 2027 AI-assisted browsing will be standard and broadly secure.
Competition from Chrome and Edge will drive AI assistance into more established security frameworks, while standalone AI browsers will work to address their security gaps. Mitigations for prompt injection and sidebar spoofing will likely involve layered approaches combining detection, containment and improved user interface signals. Until then, Comet and Atlas can provide productivity benefits in public-facing work and research, but their security posture is not suitable for sensitive tasks. Use the tools where the risk is acceptable, keep sensitive work in conventional browsers, and anticipate that safer versions will become standard over the next two years.
On web browsers for BlackBerry devices
8th August 2010The browser with which my BlackBerry Curve 8520 came is called Web'n'Walk and, while it does have its limitations, it works well enough for much of what I want to do. Many of the sites that I wish to visit while away from a PC have mobile versions that are sufficiently functionality for much of what I needed to do. Names like GMail, Google Reader, Met Office and National Rail come to mind here, and the first two are regularly visited while on the move. They work well to provide what I need too. Nevertheless, one of the things that I have found with mobile web browsing is that I am less inclined to follow every link that might arouse my interest. Sluggish response times might have something to do with it but navigating the web on a small screen is more work too. Therefore, I have been taking a more functional approach to web usage on the move rather than the more expansive one that tends to happen on a desktop PC.
For those times when the default browser was not up to the task, I installed Opera Mini. It certainly has come in very useful for keeping an eye on the Cheshire East bus tracker and looking at any websites without mobile versions for when I decide to look at such things. Downloading any of these does take time, and there's the reality of navigating a big page on a small screen. However, I have discovered that the browser has an annoying tendency to crash, which it did it on one occasion while I was awaiting a bus. The usual solution, rightly or wrongly, has been to delete the thing and reinstall it again with the time and device restarts that entails. While I got away with it once, it seems to mean losing whatever bookmarks or favourites that you have set up too, a real nuisance. Because of this, I am not going to depend on it as much any more. Am I alone in experiencing this type of behaviour?
Because of Opera's instability, I decided on seeking alternative approaches. One of these was to set up bookmarks for the aforementioned bus tracker on Web 'n' Web. What is delivered in the WAP version of the site, and it's not that user-friendly at all. When it comes to selecting a bus stop to monitor, it asks for a stance number. Only for my nous, I wouldn't have been able to find the ID's that I needed. That's not brilliant, but I worked around it to make things work for me. The observation is one for those who design mobile versions of websites for public use.
Another development is the discovery of Bolt Browser and, so far, it seems a worthy alternative to Opera Mini too. There are times when it lives up to the promise of faster web page loading, but that is dependent on the strength of the transmission signal. A trial with the Met Office website showed it to be capable, though there were occasions when site navigation wasn't as smooth as it could have been. Up to now, there have been no crashes like what happened to Opera Mini, so it looks promising. If there is any criticism, it is that it took me a while to realise how to save favourites (or bookmarks). While the others that I have used have a button on the screen for doing so, Bolt needs you to use the application menu. Other than that, the software seems worthy of further exploration.
All in all, surfing the mobile remains an area of continued exploration for me. Having found my feet with it, I remain on the lookout for other web browsers for the BlackBerry platform. While it is true that OS 6 features a WebKit-powered browser, I'm not buying another device to find out how good that is. What I am after are alternatives that work on the device that I have. Though porting of Firefox's mobile edition would be worthwhile, its availability seems to be limited to Nokia's handsets for now. Only time will reveal where things are going.