Major companies have released web browsers with AI support, mainly in the form of chatbots that can read webpage content or act as agents to navigate sites, click or interact with elements, shop (add items to carts, book flights), fill out forms, and complete end-to-end workflows such as grocery delivery.

Top AI browsers on the market in 2025

• ChatGPT Atlas
• Microsoft Edge with Copilot
• Opera Browser with Aria AI or ChatGPT support
• Perplexity’s Comet Browser
• Arc Max
• Fellou: Agentic AI Browser

AI-powered browsers promising to revolutionize how we interact with the web. From OpenAI’s Atlas to experimental projects like Ladybird, these browsers integrate generative AI to streamline tasks, enhance productivity, and even order your Taco Bell. But with great power comes great vulnerability—privacy concerns and security flaws are casting shadows over their shiny features. Drawing from recent developments, including insights from The Code Report (October 22, 2025), this article explores the top AI browsers released recently, their standout capabilities, and the systemic issues that creators and users must navigate.

Atlas: OpenAI’s AI-powered browser

OpenAI’s Atlas, launched on October 22, 2025, is a Chromium-based browser built around ChatGPT, acting as an omnipresent assistant that can “see” your browsing activity, remember context, and execute tasks. Want to order food without opening DoorDash? Atlas can handle it by navigating apps and filling out forms in agent mode. Its key features include:

• Context-aware assistance: Uses browsing history to answer questions with relevant context.
• Agentic automation: Performs actions like ordering food or filling forms based on simple commands.
• Memory control: Users can manage what the browser remembers, addressing some privacy concerns.

Despite OpenAI’s claims of reinventing the browser experience, Atlas feels like “Chrome with ChatGPT bolted on,” according to The Code Report. Its reliance on Chromium raises questions about innovation, and its agent mode, while convenient, is clunky—likened to “a disabled pirate trying to use a mouse.” More critically, Atlas’s ability to monitor browsing history sparks privacy worries, even with user controls in place.

Perplexity’s Comet: The AI search companion

Perplexity’s Comet browser, another Chromium fork, integrates AI-driven search and assistance, aiming to simplify research and content discovery. It’s designed to provide instant, context-rich answers by analyzing web content in real time. Key features include:

• Real-time search synthesis: Combines web results with AI-generated summaries.
• Visual context analysis: Processes images and screenshots for deeper insights.
• Creator-friendly: Tailored for researchers and content creators needing quick, reliable answers.

Comet’s Achilles’ heel is its vulnerability to prompt injection attacks. In early 2025, Brave’s research team demonstrated how malicious instructions embedded in images could hijack Comet’s AI when screenshots were analyzed. This exposes users to risks like data theft, especially since browsers store sensitive cookies and personal data.

Fellow: The self-proclaimed first agentic browser

Fellow markets itself as the “world’s first agentic browser,” leveraging AI to autonomously navigate websites and perform tasks. Like Atlas, it’s built on Chromium and focuses on automation, such as booking appointments or scraping data for users. Its standout features are:

• Autonomous navigation: Follows user instructions to interact with websites independently.
• Task automation: Handles repetitive web tasks without manual input.
• Custom workflows: Appeals to power users who need tailored automation.

Fellow shares Comet’s prompt injection vulnerabilities. Brave’s team showed that simply instructing Fellow to visit a website with malicious code could compromise its AI, risking user data. This highlights a broader issue: agentic browsers are only as secure as their defenses against indirect prompt injections.

Systemic issues with AI browsers

AI browsers like Atlas, Comet, and Fellow rely on deep integration with user data, raising red flags for privacy. The ability to “see” and “remember” browsing activity, even with controls, creates a treasure trove for potential exploits. Brave’s 2025 research exposed how prompt injection attacks—embedding malicious instructions in images or websites—can hijack AI models, compromising sensitive data like cookies. The Code Report cites these as “systemic challenges” for the entire AI browser category, not isolated bugs.

Most AI browsers lean heavily on Chromium, leading to a homogenized user experience. Atlas, despite OpenAI’s bold claims, feels like a reskinned Chrome with AI features, echoing Perplexity’s Comet. This reliance stifles innovation and entrenches Google’s dominance in browser engines, limiting the diversity of the web ecosystem.

Mass-produced, minimally differentiated browsers risk diluting user trust, much like repetitive AI videos. YouTube’s July 2025 crackdown on low-value content suggests platforms may soon scrutinize AI browsers for similar reasons, especially if security flaws persist.

Advice for users and creators

For everyday users:

• Vet privacy policies: Choose browsers with clear data retention and deletion options, like Atlas’s memory controls.
• Limit sensitive tasks: Avoid using AI browsers for banking or personal logins until prompt injection risks are resolved.
• Explore Ladybird: If privacy is paramount, test Ladybird for a lightweight, independent alternative.

For creators:

• Leverage AI features: Use tools like Atlas’s agent mode for quick research or content automation, but verify outputs to avoid errors.
• Optimize for SEO: Incorporate keywords like “AI browser trends 2025” in content to capitalize on rising interest (e.g., “Pika Labs AI video” saw a 150% search spike).
• Stay authentic: Differentiate from AI slop by adding human insights, as YouTube’s monetization rules increasingly penalize low-effort automation.

Looking ahead

AI browsers like Atlas, Comet, and Fellow promise a future where the web is an interactive, AI-driven assistant. But their reliance on Chromium and exposure to prompt injection attacks reveal a gap between hype and reality. Ladybird’s independent approach offers hope for a more open web, but it’s too early to compete with AI-heavyweights. As The Code Report quips, even Benjamin Franklin might trade privacy for a quick Taco Bell order—but users shouldn’t have to.