Deep Dive Into Architectural Vulnerabilities In Agentic LLM Browsers
Varonis, Monday, April 13th, 2026
Varonis Threat Labs investigated Comet, OpenAI Atlas, Edge Copilot, and Brave Leo to understand how LLM browsers work and where attackers can break them.
Since the first LLM-powered browser was unveiled in July 2025, the web has fundamentally transformed from a passive window into an active, intelligent agent. Users no longer just visit websites; they can delegate complex tasks to AI assistants that can navigate, read, and act on their behalf.
These agentic browsers promise unprecedented productivity, turning simple commands such as "summarize my emails and 'book a meeting" into seamless automated workflows. However, by giving browsers the autonomy to act, we have opened the door to sophisticated new attack vectors.