
Brave Starts Experimenting With Its Own AI-Powered Agentic Browsing, By Taking A 'Careful Approach'


The large language model (LLM) war isn't just about who builds the smartest chatbot anymore. It's also about pushing the web itself into a new era of agentic browsing.

Agentic browsing means using AI that doesn't just answer questions but acts on users' behalf across the open internet. Companies including OpenAI with ChatGPT Atlas, Perplexity with its Comet browser, The Browser Company with its revised Dia, Opera with its new Neon, and Google integrating AI deeply into Chrome are racing to redefine how people browse, search, and interact with information online.

These emerging tools blur the line between searching for information and completing tasks autonomously, from gathering research across multiple sites to filling shopping carts and comparing product prices.

Into this rapidly evolving landscape, Brave is making a move of its own by adding AI browsing to its experimental Nightly build, positioning its native assistant Leo to do more than just chat.

Rather than simply returning a summary or a static response, Brave's agentic AI browsing aims to navigate the web on users' behalf, visiting sites, aggregating diverse sources of information, and acting on practical requests users give it, all while striving to preserve users' privacy.

This feature is currently behind an opt-in flag in Brave Nightly for early testing and feedback, reflecting both Brave's innovation and its caution.

In the announcement, Brave said that:

"Today, we’re announcing the availability of Brave’s new AI browsing feature in Brave Nightly (our testing and development build channel) for early experimentation and user feedback. When ready for general release, this agentic experience aims to turn the browser into a truly smart partner, automating tasks and helping people accomplish more."

"However, agentic browsing is also inherently dangerous. Giving an AI control of your browsing experience could expose personal data, or allow agentic AI to take unintended actions. Security measures are tricky to get right and disastrous when they fail [...]"

"For this reason, we’ve chosen a careful approach to releasing AI browsing in the Brave browser and soliciting input from security researchers."

Brave’s approach to enabling agentic browsing reflects its longstanding identity as a privacy-first browser.

From the early days of its in-browser AI assistant Leo, a feature that brought interactive summaries, content analysis, and chat directly into the browsing experience without relying on third-party services, the company has focused on embedding AI that respects user data and anonymity.

Leo doesn't require accounts or logins, and Brave’s standard no-logging policies mean user interactions aren’t retained or used for model training, setting it apart from many other AI browsers.

This time, Brave is trying to provide an entirely new AI browsing experience by going further and putting agentic AI into an isolated browsing profile, deliberately separating it from users' regular session so that personal data, cookies, and logged-in states aren't exposed to the autonomous agent.

Brave has also added alignment checking, in which a second AI model reviews the agent's planned actions against the user's original request, and it requires explicit user invocation and consent for tasks.

This reasoning-based approach acts as "an additional guardrail against malicious websites," explained Brave.

The AI browsing experience is also off by default and has to be manually invoked, in order to give users the utmost control over the experience.

These layered safeguards show Brave’s attempt to balance innovation with user control and privacy, even as the company acknowledges the inherent risks of agentic AI.

Brave's cautious rollout is not just about avoiding harm.

It is also a strategic response to the broader AI browser wars. While competitors push forward with their own agentic visions, they also face challenges, ranging from security vulnerabilities like prompt injection attacks to privacy concerns over data collection and tracking in server-side architectures.

Independent browsers like Perplexity’s Comet have demonstrated both the promise and the peril of letting AI navigate for users, underscoring why thoughtful design and robust protections matter.

By experimenting first in the Nightly channel and soliciting input from both users and security researchers, Brave is trying to stake out a unique position: offering the powerful new class of AI-powered browsing while staying true to its ethos of user empowerment, transparency, and privacy preservation.

The goal isn’t just to chase what others are doing, but to build a future browsing experience where intelligent agents can help accomplish real tasks without surrendering control of users' data or their device.

The race to build AI-powered browsers has become the next front in the LLM war, following the shockwave unleashed by ChatGPT. A number of tech companies are now trying to move beyond traditional browsing by creating tools that don't just display webpages, but actively think, navigate, and complete tasks on a user's behalf.

These agentic browsers promise a future where searching, booking, buying, and researching are delegated to AI. But early testing shows these products are still under-baked, riddled with bugs, and far from ready to replace incumbents like Google Chrome.

The core appeal of AI browsers is their ability to act autonomously. Unlike search engines that return links or chatbots that summarize information, agentic browsers attempt to carry out full workflows: finding a restaurant, navigating booking pages, and making reservations, all without direct user clicks.

But to do this, they must deeply process webpage content and often integrate with sensitive user data such as email, calendars, accounts, and payment information. That depth of access is exactly what worries security experts, who argue that today's AI browsers prioritize convenience over safety.

Many security experts and analysis firms have gone as far as advising people, especially organizations, to refrain from using AI browsers, at least for now. Their warning centers on the risks of agentic behavior and AI sidebars that send browsing data to cloud-based models.

Because large language models cannot reliably distinguish between trusted user instructions and untrusted text hidden on websites, they are vulnerable to attacks. Researchers have demonstrated how hidden instructions embedded in webpages, comments, or even URLs can trick AI browsers into leaking emails, extracting data, making unwanted purchases, or navigating to phishing sites, all without the user realizing anything is wrong.

While companies are experimenting with mitigations such as sandboxed sessions, restricted permissions, and AI alignment checks, none of these solutions fully address the underlying issue.

And here, Brave is bringing a lot to the table, in the hope of being part of a future that is both powerful and uncertain.

Brave encourages anyone to send it feedback, and even doubled its usual bounty amounts for this particular build.

Published: 15/12/2025