Technology Tales

Comet and Atlas: Navigating the security risks of AI Browsers

The arrival of the ChatGPT Atlas browser from OpenAI on 21^st October has lured me into some probing of its possibilities. While Perplexity may have launched its Comet browser first on 9th July, their tendency to put news under our noses in other places had turned me off them. It helps that the former is offered extra charge for ChatGPT users, while the latter comes with a free tier and an optional Plus subscription plan. My having a Mac means that I do not need to await Windows and mobile versions of Atlas, either.

Both aim to interpret pages, condense information and carry out small jobs that cut down the number of clicks. Atlas does so with a sidebar that can read multiple documents at once and an Agent Mode that can execute tasks in a semi-autonomous way, while Comet leans into shortcut commands that trigger compact workflows. However, both browsers are beset by security issues that give enough cause for concern that added wariness is in order.

In many ways, they appear to be solutions looking for problems to address. In Atlas, I found the Agent mode needed added guidance when checking the content of a personal website for gaps. Jobs can become too big for it, so they need everything broken down. Add in the security concerns mentioned below, and enthusiasm for seeing what they can do gets blunted. When you see Atlas adding threads to your main ChatGPT roster, that gives you a hint as to what is involved.

The Security Landscape

Both Comet and Atlas are susceptible to indirect prompt injection, where pages contain hidden instructions that the model follows without user awareness, and AI sidebar spoofing, where malicious sites create convincing copies of AI sidebars to direct users into compromising actions. Furthermore, demonstrations have included scenarios where attackers steal cryptocurrency and gain access to Gmail and Google Drive.

For instance, Brave's security team has described indirect prompt injection as a systemic challenge affecting the whole class of AI-augmented browsers. Similarly, Perplexity's security group has stated that the phenomenon demands rethinking security from the ground up. In a test involving 103 phishing attacks, Microsoft Edge blocked 53 percent and Google Chrome 47 percent, yet Comet blocked 7 percent and Atlas 5.8 percent.

Memory presents an additional attack surface because these tools retain information between sessions, and researchers have demonstrated that memory can be poisoned by carefully crafted content, with the taint persisting across sessions and devices if synchronisation is enabled. Shadow IT adoption has begun: within nine days of launch, 27.7 percent of enterprises had at least one Atlas download, with uptake in technology at 67 percent, pharmaceuticals at 50 percent and finance at 40 percent.

Mitigating the Risks

Sensibly, security practitioners recommend separating ordinary browsing from agentic browsing. Here, it helps that AI browsers are cut down items anyway, at least based on my experience of Atlas. Figuring out what you can do with them using public information in a read-only manner will be enough at this point. In any event, it is essential to keep them away from banking, health, personal accounts, credentials, payments and regulated data until security improves.

As one precaution, maintaining separate AI accounts could act as a boundary to contain potential compromises, though this does not address the underlying issue that prompt injection manipulates the agent's decision-making processes. With Atlas, disable Browser Memories and per-site visibility by default, with explicit opt-ins only on specific public sites. Additionally, use Agent Mode only when not logged into any accounts. Furthermore, do not import passwords or payment methods. With Comet, use narrowly scoped shortcuts that operate on public information and avoid workflows involving sign-ins, credentials or payments.

Small businesses can run limited pilots in non-sensitive areas with strict allow and deny lists, then reassess by mid-2026 as security hardens, while large enterprises should adopt a block-and-monitor stance while developing governance frameworks that anticipate safer releases in 2026 and 2027. In parallel, security teams should watch for circumvention attempts and prepare policies that separate public research from sensitive work, mandate safe defaults and prohibit connections to confidential systems. Finally, training is necessary because users need to understand the specific risks these browsers present.

How Competition Might Help

Established browser vendors are adding AI capabilities on top of existing security infrastructure. Chrome is integrating Gemini, and Edge is incorporating Copilot more tightly into the workflow. Meanwhile, Brave continues with a privacy-first stance through Leo, while Opera's Aria, Arc with Dia and SigmaOS reflect different approaches. Current projections suggest that major browsers will introduce safer AI features in the final quarter of 2025, that the first enterprise-ready capabilities will arrive in the first half of 2026 and that by 2027 AI-assisted browsing will be standard and broadly secure.

Competition from Chrome and Edge will drive AI assistance into more established security frameworks, while standalone AI browsers will work to address their security gaps. Mitigations for prompt injection and sidebar spoofing will likely involve layered approaches combining detection, containment and improved user interface signals. Until then, Comet and Atlas can provide productivity benefits in public-facing work and research, but their security posture is not suitable for sensitive tasks. Use the tools where the risk is acceptable, keep sensitive work in conventional browsers, and anticipate that safer versions will become standard over the next two years.

How to make Firefox vertical scrollbars more visible on Windows 11

While some articles on the web have reading time added to them, thus the vertical scrollbar of a web browser can act as a hint of the length of a piece. Unfortunately, they are being made less conspicuous for the sake of aesthetics and at the expense of utility. Since Firefox is the browser that I use most of the time, addressing the matter there became a priority for me, Here then is how you configure things on Windows 11.

The first step is to open a new tab before entering about:config in the URL bar and pressing the return key on your keyboard. If doing this for the first time, you will meet a warning screen that you can disable. Agreeing to the warning conveys you to the next screen, where you can enter the string "scrollbar" and use the enter key to bring up a swathe of settings.

There are two that you need to set to false by double-clicking on the pre-existing value of true: widget.windows.overlay-scrollbars.enabled and widget.non-native-theme.win.scrollbar.use-system-size. There is one more setting that you need to tweak: widget.non-native-theme.scrollbar.size.override should have a value greater than zero, the default. Using one of ten did what I wanted once I restarted Firefox. After that, I have things as I want them to be, though you may want to refine the width setting for your needs.

Excluding Google trend suggestions from an address bar search in Firefox

When it comes to learning what is happening in the world, I am more LOMO than FOMO. Thus, I do not appreciate anything that adds content that I did not request. Given the state of the world right now, there is a need to moderate one's intake. When I found trending topics being added to Google search results from the Firefox address bar, I then sought a way of turning that off.

That involved navigating to about:preferences#search in the address bar (you can go to Settings > Search just as well). Once there, it was a matter of looking in the Search Suggestions section and clearing the checkbox for the Show trending search suggestions item. Naturally, this only applies if you choose Google as your default search engine; otherwise it should not apply. For me, the setting change did what was needed.

Get web links from Outlook emails and Teams chats to open in your web browser of choice

Stopping Firefox from launching on the wrong virtual desktop on Linux Mint

During the summer, I discovered that Firefox was steadfastly opening on the same virtual desktop on Linux Mint (the Cinnamon version) regardless of the one on which it was started. Being a creature of habit who routinely opens Firefox within the same virtual desktop all the time, this was not something that I had noticed until the upheaval of a system rebuild. The supposed cause is setting the browser to reopen tabs from the preceding session. The settings change according to the version of Firefox, but it is found in Settings > General in the version in which I am writing these words (Firefox Developer Edition 94.0b4) and the text beside the tick box is "Open previous windows and tabs".

While disabling the aforementioned setting could work, there is another less intrusive solution. This needs the opening of a new tab and the entering of the address about:config in the address bar. If you see a warning message about the consequences of proceeding further, accept responsibility using the interface as you do just that. In the resulting field marked Search preference name, enter the text widget.disable-workspace-management and toggle the setting from false to true to activate it. Then, Firefox should open on the desktop where you want it and not some other default location.

Installing Firefox Developer Edition in Linux Mint

Having moved beyond the slow response and larger memory footprint of Firefox ESR, I am using Firefox Developer Edition in its place, even if it means living without a status bar at the bottom of the window. Hopefully, someone will create an equivalent of the old add-on bar extensions that worked before the release of Firefox Quantum.

Firefox Developer Edition may be pre-release software with some extras for web developers like being able to drill into an HTML element and see its properties, but I am finding it stable enough for everyday use. It is speedy too, which helps, and it has its own profile so it can co-exist on the same machine as regular releases of Firefox like its ESR and Quantum variants.

Installation takes a little added effort though and there are various options available. My chosen method involved Ubuntu Make. Installing this involves setting up a new PPA as the first step and the following commands added the software to my system:

sudo add-apt-repository ppa:ubuntu-desktop/ubuntu-make
sudo apt-get update
sudo apt-get install ubuntu-make

With the above completed, it was simple to install Firefox Developer edition using the following command:

umake web firefox-dev

Where things got a bit more complicated was getting entries added to the Cinnamon Menu and Docky. While the former was sorted using the cinnamon-menu-editor command, the latter needed some tinkering with my firefox-developer.desktop file found in .local/share/applications/ within my user area to get the right icon shown. Discovering this took me into .gconf/apps/docky-2/Docky/Interface/DockPreferences/%gconf.xml where I found the location of the firefox-developer.desktop that needed changing. Once this was completed, there was nothing else to do from the operating system side.

Within Firefox itself, I opted to turn off warnings about password logins on non-HTTPS websites by going to about:config using the address bar, then looking for security.insecure_field_warning.contextual.enabled and changing its value from True to False. While some may decry this, there are some local websites on my machine that need attention at times. Otherwise, Firefox is installed with user access so I can update it as if it were a Windows or macOS application, and that is useful given that there are frequent new releases. All is going as I want it so far.

Turning off push notifications in Firefox 46

Firefox 44 introduced a feature I only recently noticed when Yahoo Mail offered browser notifications for new emails; I did not need this and could not switch it off permanently for that site. This meant I was bothered each time I checked that email address, an unnecessary irritation. Other websites offered similar push notifications but allowed permanent deactivation, making this a site-specific function unless you take an alternative approach.

Open a new browser tab and enter about:config in the address bar, then press return. If this is your first time, a warning message will appear, which you can dismiss permanently. This reveals a searchable list of options. Find dom.webnotifications.enabled and dom.webnotifications.serviceworker.enabled. By default, these values are set to 'true'. Double-click each one to change them to 'false'. This will prevent push notification offers from web services like Yahoo Mail, reducing intrusions during your browsing.

Toggling the appearance or non-appearance of the Firefox session exit dialogue box

One thing that I notice with Firefox installations in both Ubuntu and Linux Mint is that a dialogue box appears when closing down the web browser asking whether to save the open session or if you want to have a fresh session the next time that you start it up. Initially, I was always in the latter camp, but there are times when I took advantage of that session saving feature for retaining any extra tabs containing websites to which I intend to return or editor sessions for any blog posts that I am still writing; sometimes, composing the latter can take a while.

To see where this setting is located, you need to open a new tab and type about:config in the browser's address bar. This leads to advanced browser settings, so you need to click OK, answering a warning message, before proceeding. Then, start looking for browser.showQuitWarning using the Search bar; it acts like a dynamic filter on screen entries until you get what you need. On Ubuntu and Linux Mint, the value is set to true but false is the default elsewhere; unlike Opera, Firefox generally does not save sessions by fault unless you tell it to that (at least, that has been my experience anyway). Setting true to false or vice versa will control the appearance or non-appearance of the dialogue box at browser session closure time.

A new repository for GNOME 3 Extensions

Not before time, the GNOME project has set up a central website for GNOME Shell extensions. It seems to be in the hands of extension developers to make GNOME 3 more palatable to those who find it not to their taste in its default configuration. If you are using Firefox, installation is as easy as clicking the ON/OFF icon for a particular plugin on its web page and then selecting install in the dialogue box that pops up. Of all the browsers that you can use on GNOME, it seems to be Firefox that is the only one that has this ability at the moment.

Though the website may have the alpha legend on there at present, it works well enough so far, so I have had no hesitation in using it for those extensions that are of interest to me. This is an interesting development that deserves to stay, especially when it detects that a plugin is incompatible with your version of GNOME.

Currently, I use GNOME 3.2, and it pops up a useful menu for deactivating extensions when the desktop fails to load. That's a welcome development because I have had extensions crashing GNOME 3.0 on me and running the GNOME Tweak Tool on the fallback desktop often was the only alternative. GNOME 3 seems to be growing up nicely.

Making a custom button to hide or display the Google Toolbar in Firefox

While adding more toolbars to Firefox is all very fine, they can take up space on the screen. Even with the big screens that many of us have these days, it's still nice to be able to see more of what we use web browsers to visit: web pages. For the Web Developer extension's toolbar, there is the Toggle Web Developer Toolbar plugin for showing and hiding the thing when so desired. As it happens, I keep it hidden until I need it and I fancied doing the same thing with the Google Toolbar but found none. Instead, I happened on a tutorial that used the Custom Buttons plugin to define a custom button. That gives you an entry named Add new button... to the context menu that appears when you right-click on the main menu bar near the top of the Firefox window. When you select the that extra entry in the menu, you get the dialogue box that you see below.

In there, that are some form fields that need filling. Button URL is an option without which you can do, but I entered "Toggle Google Toolbar" into the Name field while also sourcing an image to be used on the button instead of the default (a Google logo, naturally...). The last step is to add the code below underneath the /*CODE*/ comment line, leaving the latter in place.

const toolbar = document.getElementById("gtbToolbar");
toolbar.collapsed = !toolbar.collapsed;

With all that completed, clicking on the OK button is all that's needed to finish off the button definition. With that done, the next step is to add the button where you want it by right-clicking on the top menu bar again and selecting the Customise... entry. From the list of buttons that appears, just pick the new one and drag it to where you want it to go. Then, you're done with what might sound like a roundabout away of putting in place a space saver, but I can live with that.