Agentic browsers let users give natural‑language commands to web pages, but they also open a shortcut for cross‑origin data leaks.
The paper introduces SOPBench, a test suite that measures same‑origin policy (SOP) violations in these browsers. Experiments on several open‑source agents reveal frequent breaches, even when users run harmless queries. The authors then add SOPGuard to BrowserOS, an agentic browser prototype, and report that it stops the leaks while adding only modest latency.
If SOP can be sidestepped, malicious actors could harvest cookies or credentials simply by phrasing a request to the AI. The findings matter because agentic browsers are being shipped in beta to developers and could soon reach mainstream users. A lightweight guard like SOPGuard may become a needed standard component rather than an optional add‑on.
For now, the study is a reminder that AI layers added to a browser do not automatically inherit its existing defenses; security tooling must evolve alongside new capabilities.