Ernesto Amato

Spreading innovation and technology with passion and enthusiasm!

Blog

  • On the Agentic AI Browsers War, the End of the Web, and the Dawn of the Agenticverse

    On the Agentic AI Browsers War, the End of the Web, and the Dawn of the Agenticverse

    OpenAI’s ChatGPT Atlas was announced on October 21, 2025. We were already familiar with Perplexity’s Comet, and we know that Google offers Gemini within Chrome and Gemini Computer Use (the latter, for now, only via API, waiting for Gemini 3 Agent). Then there are niche products like DIA (aka ARC) and Fellou. TCurrently, the only major player missing is the Edge/Copilot duo…

    We have heard a great deal about browsers equipped with integrated AI agents capable of performing actions on behalf of the human user.

    Essentially, these are standard web browsers (almost all based on the open-source Chromium project) integrated with generative AI models capable of:

    • having read/write access to all pages visited by the browser and/or applications present on the user’s PC;
    • maintaining a memory of the choices/actions made by the human user.

    Some of these Agentic AI browsers require access to all available user information right from the installation phase (for example, Comet allows you to link your Google account). In this way, they can begin to “learn” user behaviors as early as the initial configuration.

    The benefits of this new type of web navigation tool are manifold (or so we are told). Being able to interpret the content of the pages we are browsing, the AI model can understand the context and interact with it. For example:

    Interaction with Page Content

    This ranges from the automatic filling of forms (which raises a massive ethical question regarding, for example, the automatic completion of online exams) to the ability to proceed autonomously in navigation using buttons and hyperlinks.

    Automating Actions on Behalf of the User

    It is possible to leave the system to complete a purchase procedure on e-commerce sites (see Perplexity’s latest remarks regarding Amazon’s request on the use of Comet to complete purchases on its platform) or to book a table at a favorite restaurant or the next vacation. There is already abundant talk of Agentic e-commerce.

    Personalized Assistance

    If we provide access to online tools such as email or services like Reddit, Discord, and even WordPress, our Agentic AI browser can perform complex actions on our behalf, autonomously and in a personalized manner.

    Workflow Management

    Any activity managed via online platforms can be considered within the reach of AI-aided browsers. Think of social media management, planning a marketing campaign, and the subsequent analysis of results. Fellou goes a step further: it allows users to grant privileges to operate with other installed applications and the operating system itself, taking the autonomous management of many operational tasks to an impressive level.

    These are just a few examples of what AI Browser Agents can already do, and many other Use Cases are yet to be discovered.

    However, I believe there are significant considerations to be addressed.

    1) Fraudulent Use

    We have already touched upon the first point: many university and professional courses are available online, presenting both admission tests and final evaluations remotely via computer.

    Experiments have already been conducted in this regard and, apparently, with excellent results. Clearly, the response from the producers of AI models integrated into browsers has been to condemn this type of use of their applications: here is Perplexity CEO Arav Srinivas’s response, “Absolutely don’t do this“.

    The fact remains that this is an illicit (if not fraudulent) use that is not technically prevented by the models themselves.

    2) Privacy and Data Usage

    The second consideration concerns the data we entrust to these Agentic AI browsers. How is that immense volume of personal, private, and sensitive data we provide in real-time actually used?

    I examined a few Privacy Policies, and I was left rather perplexed.

    Dia – The Browser Company

    Let’s start with The Browser Company’s Agentic AI browser, Dia. It natively allows for blocking Ads, Trackers, and Cookie Banners… that is already a good start.

    The Home Page, although in the very last area reached by scrolling down, states: “Privacy in Dia, You are in Control” with a link to a section of the site dedicated to how our data is used when working with Dia. I must say the initial impression is positive: all data is stored and encrypted on our device. Only prompts are sent to Dia servers and passed to one or more unidentified “AI Partners.” In any case, it is expressly stated that they are not used for AI model training: “These partners are restricted from training on your data, and may not store it after your request is complete” (may not store??).

    It also states that Dia, if permitted, will use our data to improve its services, “working to avoid storing and processing information from sensitive sites such as financial or banking services or related to health information.”

    However, reading the Privacy Policy document in its entirety, there is a discordant note regarding European Union residents: “Dia is hosted and operated in the United States (“U.S.”) through The Browser Company and its service providers. If you live outside the U.S., local laws may differ. By using Dia, you acknowledge that any personal data about you, regardless of whether provided by you or obtained from a third party, is being provided to The Browser Company in the U.S. and will be hosted on U.S. servers, and you authorize The Browser Company to transfer, store and process your information to and in the U.S., and possibly other countries.”

    Fellou – ASI X

    Proposed as “The World’s First Agentic Browser,” it offers the possibility of granting access to apps and OS files, allowing for complete management of any workflow. With this premise, it is clear that the information on data usage must be read absolutely carefully.

    Unfortunately, unlike Dia, this information is relegated to a single link in the footer of the official site where the Privacy Policy is present.

    Reading the document, it becomes evident that Fellou has the right to access any information necessary to use the system itself, from geolocation to information we enter on any site, up to what is present on our computer if we grant permissions to the “Computer Use” functionality.

    All this information will be used to train the underlying LLM model.

    Furthermore, Fellou may send this information to any business partner it deems necessary in order to offer and/or improve its services.

    Then there is a paragraph that I will quote in full: “We will not collect sensitive information such as identification documents and numbers, bank accounts, passwords, etc. However, due to technical limitations and the way you use our Services, we may unwittingly collect other personal data that you voluntarily input into the Services, which may include the said sensitive information. We will immediately delete or anonymize such information once noticed by us. For your security, please do not input sensitive information into our Services.

    Perhaps we should pause for thought before deciding to give full access permissions to all data present on our computer.

    ChatGPT Atlas – OpenAI

    At the time of writing this article, Atlas is the latest Agentic AI Browser presented to the public, currently available only for MacOS. Thanks to the integration of the ChatGPT Agent into a Chromium browser, OpenAI—the company that opened the Pandora’s box of Generative AI back in November 2022—has launched its latest innovation.

    The ability to autonomously manage privacy settings regarding integrated memory and the visibility of certain sites is one of the first options found on the Atlas webpage dedicated to privacy and security.

    Interesting is the “disconnected” mode, where no cookies will be used and no access to any online account will be performed without specific user authorization.

    The setting relating to the use of sent information for training OpenAI models is disabled by default (unless you have already enabled it in your ChatGPT account).

    We are well aware of OpenAI’s approach to Data Privacy and the security of its models: fluctuating! In any case, the options offered by ChatGPT Atlas regarding personalization in the use of one’s data are very granular and allow them to be activated or deactivated very simply.

    I will stop here with this overview, in the hope of having stimulated everyone’s interest in reading the fine print of Privacy Policy documents.

    3) Cyber Security

    Finally, and certainly not least, comes cybersecurity.

    Immediately after the mass market introduction of LLMs, evidence of the intrinsic security problems of these systems was brought to light. Prompt Injection was the first case of a security flaw allowing the manipulation of these models to obtain results that were, let’s say, unexpected

    Today, the specific problem has at least been contained, although not eliminated precisely because it is intrinsically impossible to eliminate. But the advent of Agentic AI browsers exponentially elevates similar risks.

    For example, on October 27, 2025, Layer X found the first security flaw in Atlas: an exploit through which it would be possible to have Atlas execute malicious code inserted within ChatGPT’s memory. Here is the full article.

    Certainly, the various LLM and Agentic AI producers are trying to take cover. In this sense, Meta’s approach “Agents Rule of Two” seems to be a good first step.

    Then there is the other side of the coin: why not use these tools for fully automated and autonomous cyberattacks against third-party systems?

    There are several reported cases where the use of Generative AI models has supported hackers. But on November 13, 2025, Anthropic confirmed that it detected a vast cyberattack that took place in mid-September in which one of its models, Claude Code, was used in “agentic” mode, autonomously performing up to 80% of the operations normally executed by humans: “We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention.” From here, the step to utilizing Agentic AI browser versions for the same purposes is truly short.

    Another example is the current futility of systems based on the CAPTCHA principle (Completely Automated Public Turing test to tell Computers and Humans Apart). What sense can a system for recognizing human beings have—through understanding deliberately difficult-to-interpret text expressed as an image or identifying the content of images based on a written request—when LLMs integrated into browsers can make probabilistic assumptions about what they read and see on a webpage with a precision bordering on 100%?

    What the Future Holds

    Although Agentic AI browsers seem to be a possible keystone for financing a business model that until today has proven to be at a heavy loss and seems set to remain self-financed for the next 5 years, I believe the real step forward will be taken when we see agentic systems interacting with each other.

    Imagine having a series of AI Agents (including those integrated into your favorite browser) at our “service” communicating with other external AI Agents, belonging to private citizens, institutions, or commercial companies. We would then have an autonomous ecosystem—hopefully only partially so—capable of performing countless activities without our direct intervention and at an impressive speed. Perhaps, finally, we will manage to have administrative tasks opened and successfully closed in a single working day!

    I would like to close with a final provocation: I have read some “historical” references to the browser wars of the end of the last millennium and the beginning of this one (the first one between Mosaic, Netscape, and Internet Explorer; the second one between Chrome, Firefox, Opera, Edge, etc.) as a comparison with what could be defined as the third browser war, the Agentic one. Personally, I see a profound difference:This new struggle is not over controlling the interface, but over the fundamental necessity of the web itself.

    It is worth noting, however, that today, November 30th 2025, marks the three-year anniversary of ChatGPT’s initial release, the LLM that fundamentally shifted the general public’s perception of AI. And look what we achieved in such a short time!

    Let’s try to take a step further (perhaps a flight of fancy): will we really still need browsers? What sense will it make to own a website if the majority of interactions with our users occur thanks to AI Agents, soon available as stand-alone programs? And if websites no longer exist, what purpose would browsers serve?

    We are talking about the dawn of an Agenticverse where interactions will occur in Agent-to-Agent mode. An ecosystem where everything is managed in a completely transparent manner to the user. We will be able to ask our agents for any information, any action, any operation, without the need to “go to Google.”

    A prospect that is alluring and frightening at the same time.

  • AI Assistant vs RAG vs AI Agent

    We really need some clarifications. Nowadays I’m hearing a lot of people talking about AI Agents, the newest trend in AI.

    Well, most of the times, when I ask to explain what they mean with ‘agent’ the answer is typically the… wrong one!

    And it gets worse when we talk about RAGs.

    First things to know: all of them are based on foundation AI models and use GenAI models to interact with users (if you still have some doubts about what GenAI is you can read this article: Generative AI explained, in a (very) simple way).

    Ok, let’s try to explain what they are..

    AI assistant

    “It is a software application that uses artificial intelligence to understand user commands, process them, and perform specific tasks to help users.”

    This definition is created by Gemini.

    Some early examples of AI Assistants have been Amazon’ s Alexa, Apple’s Siri, Google’s Assistant, etc.

    Today, thanks to GenAI models, you can interact with AI Assistants using NLP (Natural Language Processing) and you can personalize them providing detailed descriptions of the context in which the assistant could work and specific information (via files or links or other sources) to be used as a knowledge base.

    Note: these “additional” knowledge bases are not used to train the model.

    Now you can start building your AI Assistant by describing what its purpose is, how to use files within the knowledge base, how to connect via API to external services, etc. Then, you add your prompt, and the AI Assistant will answer with the right information based on what you provided using its foundation model… hopefully 🙂

    RAG (or KAG or CAG or…)

    Retrieval Augmented Generation (RAG) is a technic to optimize LLMs providing direct connection to external knowledge bases.

    As you know, LLMs are trained using large data sets, but most of the time they have generic knowledge of many topics.

    When you need to train one LLM to a domain-specific topic then you can use RAGs.

    A RAG first retrieves relevant information from external sources and then uses that information to generate the answer.

    You can develop Enterprise RAGs to offer to your employees a specific knowledge-based AI Assistant.

    If AI Assistant is an application, RAG could be the underlying technique used to make “plain” assistants more knowledgeable and reliable.

    AI Agent

    I like this definition given by ibm.com web site: “If AI assistants are reactive, performing tasks at your request, AI Agents are proactive, working autonomously to achieve a specific goal by any means at their disposal.

    Applications based on AI Agents (have you heard about Agentic Commerce?) seem to be the new buzzword in the Generative AI field. Maybe the real “killer application” that will finally provide a real ROI.

    We are talking about decision-making capabilities.

    One of the best examples available today is the “AI web browser” field: Comet by Perplexity and Project Mariner by Google DeepMind.

    Both promise to offer a highly personalized experience (if you open your life information to them…) and decision-making capabilities. You can also use them to fill web based forms, maybe examination forms (https://fortune.com/2025/10/10/ai-cheating-on-homework-chatbots-students-education-perplexity-ceo-coursera/)

    Today, you can also create AI agents in a simple way thanks to Gemini 2.5 Pro Computer Use feature.

    Conclusions

    That’s it! Now you know a little bit more about GenAI systems. I’m sure you also understood that you should use AI Assistants (using RAGs) or AI Agents based on your specific needs… and their costs.

  • Generative AI explained, in a (very) simple way

    Novembre 30th 2022: OpenAI revels it’s LLM, ChatGPT! One of the first examples of Generative AI. But, exactly, What GenAI is?

    Let’s start moving some step back to types of Artificial Intellingence: Rules based AI and Learning based AI.

    Rule Based AI

    Imagine one of the rovers on Mars. What does it happen when an obstacol is in front of him? Simple, developers provided a set of rules to apply when something new happen: if you find an obstacol go back, move to the right and go forward. That’s exactly the same rule that our home cleaning robot follows in our houses.

    The most important thing is that not the rover on Mars, not our clieaning robot have been informed about the planimetry of the house or of Mars. So they have to improvise and learn where the obstacole is so to not run into it again.

    With Rule based AI we provide rules to the AI model, the model adapt to a new (never seen) input appling that rules and learn something new to be used for the future.

    This is the basis for games’ AI model such as chess, or Go.

    Learnig Based AI (a.k.a Machine Learning)

    What if I provide to an AI system the rule to… create yourself the rules extracting them from a very very very very large amount of data? Well, this is a Machine Learning algorithm (in a very very very very simple way).

    Let the machine find the connections among information provided so to be ready to categorize in the right way next (never seen) input.

    As you can imagine, this implies that training data need to be very very very very accurate and that you need also a set of testing data to verify the inferenced rules are… well, the right ones. This is called unsupervised learning.

    Maybe, you can also try to supervise the learning process so to correct some non valid inferenced rule. In that case is called superviced learning.

    When the tasks became really difficult that machine learning need to jump to Deep Learning, usign different algorithms. To semplify, if with a machine learning algorithm your AI model is able to indentify with a picture if there is a human or a plant, with deep learning algorithms your AI model is able to understand in the same picture the emotions that the human seems to feel. This is a complete new the level of complexity.

    Generative AI

    When a Deep Learning AI Model is used to create content, you have a Generative AI Model! Very simple.

    LLM (Large Language Model) is one of the Generative AI models.

    So, Generative AI models suffer from the same issues as Machine Learning and Deep Learning models. Bad training data? Then you will have lot of hallucinations (yes, this is the technical term to identify errors in contente generated by AI).

    And that’s it. In a very very very simple way!

  • How an LLM thinks. Anthropic knows it, finally!

    Using a technique known as circuit tracing Anthropic’s researchers found interesting, and some time unexpected, evidences about how its LLM Claude 3.5 Haiku respond to some tasks.

    Anthropic just published two papers related to Claude’s decision-making processes. The first one describes how they applied the circuit tracing technique, the second one the results of the tracing among 10 simple tasks.

    Reading both papers has been amazing! A known technique brought to the next level and its application to the LLM shows how chain of thoughts seems to work.

    Among 10 tasks tested two evidences are really unexpected, at least in my opinion.

    Simple math problem such as a sum are solved with a ‘-ish’ approach. As human, sometimes, when we need to solve something like 46 plus 58 we sum 45+55=100 and then add the rest 1+3=4 to 100+4=104. Well, Claude seems to use the same approach, but if you ask to explain how it solved the sum then it offer the classic methodology: 8+6=14, write 4 and carry 1, then 4+5+1=10 as 10s so equal to 108. But this is not the process the Claude applied to solve the sum! That should bring lot of concern about the trustworthiness when asking to a LLM to explain the reason behind an answer!

    The second evidence came when Claude has been asked to complete a simple poem, given the first part ‘He saw a carrot and had to grab it’, find the rhyming couplet. In that case the first works found by Claude has been ‘rabbit’ then the LLM found the previous worlds to complete the sentence: ‘His hunger was like a starving rabbit’. Previous words???? Yes!!! It seems that Anthropic LLM is able to plan ahead, finding as first word the rhyme and that building the rest!

    These two examples give an idea of how little we know about LLMs’ reasoning processes.

  • AI Governance, what it is and why we need it!

    Let’s start defining “governance” as a set of rules, processes, frameworks, and tools within an organization to ensure that what we are doing aligns with internal principles and values, legal requirements, and social and ethical standards.

    When it comes to AI we are talking about everything we need to evaluate the right development, use and adoption are in place.

    As well as other IT/Digital systems, also AI solutions have a lifecycle, from “Planning & Design” to “Operation & Continuous Monitoring”. AI Governance needs to cover all the lifecycle’s steps.

    To put in place a good AI Governance we need:

    • Right stakeholders (AI Team, Dev Team, AI Lead, Legal Team, Customer and Coworker Success Team)
    • AI Policy (rules, values and guidelines)
    • Risk categories (in EU based on EU Artifical Intelligence Act)
    • AI Registry (to maintain always updated)
    • Solid AI Literacy plan (general mandatory training for any coworker)
    • AI Adoption guidelines (specific training plan, clear business value, KPIs or OKRs, etc, on a single AI project basis)

    Luckily we don’t need to reinvent the wheel. There are several AI Governance frameworks already available and ready to use.

    There also many other frameworks available from IT vendors, maybe they are more actionable, but strictly connected to owned specific solutions.