A
Welcome to the IA on AI Podcast, part of the Audit Podcast Network, where we bring you weekly updates on AI from the internal auditor's perspective. Here we go. From computerworld.com: "Keep AI browsers out of your enterprise, warns Gartner." Analysts at Gartner warn that emerging AI-enabled web browsers like OpenAI's Atlas and Perplexity's Comet pose unmitigated security risk and potential irreversible, untraceable data leaks. They recommend that enterprises ban these browsers entirely. I think if you are on your AI governance committee, it should be raised to those folks as well. So if you think about like a browser that has AI or even agentic services as part of it, it's going to be able to see the web pages you're at, your emails, internal content also, and it's going to process that and potentially expose that sensitive information. We've talked about prompt injections on the show also, but those that are. That's maybe still a new term. That's basically where you have the AI browser and it is autonomously doing its work through the agentic services that it has and maybe it accidentally clicks on a phishing link or something to that effect. There could also be hidden text somewhere on the page that's telling your browser what to do, as if you were writing the prompt. So the way, the same way you might prompt it to do something that could be hidden somewhere on a website or something like that and the browser is going to pick up on that and take it as a prompt coming from you. Same way if you know about SQL injections, something similar to that effect. I know we made the recommendation when these first started coming out: just don't download them, for sure, on work laptops. I don't have it on a personal. I'm not going to have it on the work one either for the foreseeable future. And actually, to that point on the foreseeable future, this article goes on to say emerging AI usage control solutions will likely take a matter of years rather than months to mature.
I'm usually not a huge fan of just like, hey, let's block everything so that nobody can have access to it. But I think I would be willing to make the exception here if I was the CTO or someone in that role. So I would check see if you are able to download these and if so I would highly recommend you can use this article as further proof. I'm sure you went to your AI governance committee or whoever and said Trent Russell said don't do it. They'd be like, I don't know who that is and don't care. But maybe if it's coming from Gartner they will be more prone to listening. From Reuters: "OpenAI warns new models pose high cybersecurity risk." I don't think this is like a huge shock to anyone, but they did send the warning that with their next-gen AI models they could pose a high cybersecurity risk as they might autonomously develop zero-day exploits or aid complex hacking operations. AI driven cyber attacks are going to be insane. I think at this point the best thing we can do from the internal audit perspective is to evaluate with incidents response plans. Make sure we're good to go from there. Thank you for listening and be sure to follow the link to greenskiesanalytics.com in the show notes and schedule time to see how Green Skies can make the hype of AI a reality in your internal audit department.
Host: Trent Russell
Date: December 17, 2025
This episode of The Audit Podcast, part of the IA on AI series, focuses on the critical and timely risk posed by emerging AI-enabled web browsers within enterprise environments. Drawing on insights from leading industry analysts such as Gartner and a new warning from OpenAI, Trent Russell explores why organizations should be vigilant about adopting these browsers, the security and data governance challenges they introduce, and necessary steps for internal auditors and IT leaders.
"I think if you are on your AI governance committee, it should be raised to those folks as well." (Trent Russell, 01:07)
"There could also be hidden text somewhere on the page that's telling your browser what to do, as if you were writing the prompt." (Trent Russell, 02:03)
"I'm usually not a huge fan of just like, hey, let's block everything so that nobody can have access to it. But I think I would be willing to make the exception here if I was the CTO or someone in that role." (Trent Russell, 03:19)
"Maybe if it's coming from Gartner they will be more prone to listening." (Trent Russell, 03:55)
"AI driven cyber attacks are going to be insane. I think at this point the best thing we can do from the internal audit perspective is to evaluate with incidents response plans. Make sure we're good to go from there." (Trent Russell, 05:07)
On raising awareness:
"I think if you are on your AI governance committee, it should be raised to those folks as well." (01:07)
On prompt injection:
"That's basically where you have the AI browser and it is autonomously doing its work through the agentic services and maybe it accidentally clicks on a phishing link or something to that effect." (01:54)
Balancing risk with innovation:
"I'm usually not a huge fan of just like, hey, let's block everything... But I think I would be willing to make the exception here if I was the CTO." (03:19)
On audit’s best next steps:
"Evaluate with incidents response plans. Make sure we're good to go from there." (05:07)
The episode delivers a clear and urgent message: despite rapid AI-related innovation, AI-enabled web browsers introduce sweeping data security and compliance risks for modern enterprises. Immediate, broad restrictions are justified until technology and governance controls can catch up. As Trent Russell emphasizes, auditors and IT leaders need to act decisively, leveraging credible research and ensuring that incident response plans are robust enough for the AI-powered threats of tomorrow.