Brave has introduced a new AI browsing feature that leverages Leo, its privacy-respecting AI assistant, to perform automated tasks for the user.

Intended to assist with tasks such as autonomous web research, product comparison, promo-code discovery, and news summarization, the feature is currently in its testing phase and accessible through the Brave Nightly version.

The new agentic AI browsing mode is disabled by default and represents the first step towards tighter AI-user integration for the privacy-focused browser.

AI risk and how Brave deals with it

Brave stresses that agentic AI browsing is "inherently dangerous" and shouldn’t be used for critical operations, mainly due to prompt injection attacks and the potential for misinterpreting users' intent.

To mitigate this risk, the new mode runs on a separate, isolated profile that does not have access to the user’s cookies, login information, and other sensitive data.

The mode will also be restricted from accessing the browser’s settings page, non-HTTPS sites, the Chrome Web Store, where it could download extensions, and any sites flagged by Brave’s Safe Browsing system.

All its actions will be visible in tabs, and anything risky will trigger warnings to the user, requesting their explicit approval.

Additionally, the mode will be monitored by an ‘alignment checker’ mechanism, similar to what Google announced recently for Gemini’s agentic mode on Chrome, where an isolated second model evaluates whether the agent’s actions match user intent.

Being isolated, this second model cannot be affected by prompt-injection attacks that target the primary agent.

Additionally, Brave will encode specific policy-based rules and use models trained to mitigate prompt injection, such as Claude Sonnet, to provide effective protection.

Regarding data privacy, which is Brave’s core value, the vendor says there will be no compromise. The system will keep the same ad/tracker blocking and no-logs policy, while no user data will be used for AI model training.

Testing the new mode

Those interested in testing Brave’s new agentic AI mode can do so only through Brave Nightly, after enabling the “Brave’s AI browsing” flag in ‘brave://flags.’

This will enable a button on Leo’s chat box that activates the new browsing mode.

Tester feedback to help address any issues may be submitted here, while Brave also announced it’s doubling its HackerOne bug bounty payments for in-scope submissions concerning AI browsing.