{"id":"https://openalex.org/W7148283261","doi":"https://doi.org/10.1109/access.2026.3680147","title":"The New Web Attack Surface: A Taxonomy of Semantic and Agentic Threats in AI Browsers","display_name":"The New Web Attack Surface: A Taxonomy of Semantic and Agentic Threats in AI Browsers","publication_year":2026,"publication_date":"2026-01-01","ids":{"openalex":"https://openalex.org/W7148283261","doi":"https://doi.org/10.1109/access.2026.3680147"},"language":"en","primary_location":{"id":"doi:10.1109/access.2026.3680147","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2026.3680147","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2026.3680147","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5132742971","display_name":"Pedro Henrique Sachete Garcia","orcid":null},"institutions":[{"id":"https://openalex.org/I72872986","display_name":"Universidade Federal do Pampa","ror":"https://ror.org/003qt4p19","country_code":"BR","type":"education","lineage":["https://openalex.org/I72872986"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Pedro Henrique Sachete Garcia","raw_affiliation_strings":["Federal University of Pampa, Alegrete, Brazil"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Federal University of Pampa, Alegrete, Brazil","institution_ids":["https://openalex.org/I72872986"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078517872","display_name":"Paulo Silas Severo de Souza","orcid":"https://orcid.org/0000-0003-4945-3329"},"institutions":[{"id":"https://openalex.org/I72872986","display_name":"Universidade Federal do Pampa","ror":"https://ror.org/003qt4p19","country_code":"BR","type":"education","lineage":["https://openalex.org/I72872986"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Paulo Silas Severo de Souza","raw_affiliation_strings":["Federal University of Pampa, Alegrete, Brazil"],"raw_orcid":"https://orcid.org/0000-0003-4945-3329","affiliations":[{"raw_affiliation_string":"Federal University of Pampa, Alegrete, Brazil","institution_ids":["https://openalex.org/I72872986"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049735246","display_name":"Marcelo Caggiani Luizelli","orcid":"https://orcid.org/0000-0003-0537-3052"},"institutions":[{"id":"https://openalex.org/I72872986","display_name":"Universidade Federal do Pampa","ror":"https://ror.org/003qt4p19","country_code":"BR","type":"education","lineage":["https://openalex.org/I72872986"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Marcelo Caggiani Luizelli","raw_affiliation_strings":["Federal University of Pampa, Alegrete, Brazil"],"raw_orcid":"https://orcid.org/0000-0003-0537-3052","affiliations":[{"raw_affiliation_string":"Federal University of Pampa, Alegrete, Brazil","institution_ids":["https://openalex.org/I72872986"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024340439","display_name":"Jaline Mombach","orcid":"https://orcid.org/0000-0002-3044-7175"},"institutions":[{"id":"https://openalex.org/I4210147797","display_name":"Instituto Federal Farroupilha","ror":"https://ror.org/04eq71r04","country_code":"BR","type":"education","lineage":["https://openalex.org/I4210147797"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Jaline Gon\u00e7alves Mombach","raw_affiliation_strings":["Instituto Federal Farroupilha, Alegrete, Brazil"],"raw_orcid":"https://orcid.org/0000-0002-3044-7175","affiliations":[{"raw_affiliation_string":"Instituto Federal Farroupilha, Alegrete, Brazil","institution_ids":["https://openalex.org/I4210147797"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5132732992","display_name":"Andr\u00e9ia Dos Santos Sachete","orcid":null},"institutions":[{"id":"https://openalex.org/I4210147797","display_name":"Instituto Federal Farroupilha","ror":"https://ror.org/04eq71r04","country_code":"BR","type":"education","lineage":["https://openalex.org/I4210147797"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"Andr\u00e9ia Dos Santos Sachete","raw_affiliation_strings":["Instituto Federal Farroupilha, Alegrete, Brazil"],"raw_orcid":"https://orcid.org/0000-0003-2226-3322","affiliations":[{"raw_affiliation_string":"Instituto Federal Farroupilha, Alegrete, Brazil","institution_ids":["https://openalex.org/I4210147797"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5075787478","display_name":"F\u00e1bio Diniz Rossi","orcid":"https://orcid.org/0000-0002-2450-1024"},"institutions":[{"id":"https://openalex.org/I72872986","display_name":"Universidade Federal do Pampa","ror":"https://ror.org/003qt4p19","country_code":"BR","type":"education","lineage":["https://openalex.org/I72872986"]}],"countries":["BR"],"is_corresponding":false,"raw_author_name":"F\u00e1bio Diniz Rossi","raw_affiliation_strings":["Federal University of Pampa, Alegrete, Brazil"],"raw_orcid":"https://orcid.org/0000-0002-2450-1024","affiliations":[{"raw_affiliation_string":"Federal University of Pampa, Alegrete, Brazil","institution_ids":["https://openalex.org/I72872986"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.53425311,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"14","issue":null,"first_page":"54109","last_page":"54126"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.3853999972343445,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.3853999972343445,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.11729999631643295,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.07880000025033951,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/taxonomy","display_name":"Taxonomy (biology)","score":0.649399995803833},{"id":"https://openalex.org/keywords/semantic-web","display_name":"Semantic Web","score":0.5733000040054321},{"id":"https://openalex.org/keywords/web-browser","display_name":"Web browser","score":0.48559999465942383},{"id":"https://openalex.org/keywords/social-semantic-web","display_name":"Social Semantic Web","score":0.3124000132083893},{"id":"https://openalex.org/keywords/web-standards","display_name":"Web standards","score":0.2994999885559082}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7897999882698059},{"id":"https://openalex.org/C58642233","wikidata":"https://www.wikidata.org/wiki/Q8269924","display_name":"Taxonomy (biology)","level":2,"score":0.649399995803833},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.6280999779701233},{"id":"https://openalex.org/C2129575","wikidata":"https://www.wikidata.org/wiki/Q54837","display_name":"Semantic Web","level":2,"score":0.5733000040054321},{"id":"https://openalex.org/C2983909278","wikidata":"https://www.wikidata.org/wiki/Q6368","display_name":"Web browser","level":3,"score":0.48559999465942383},{"id":"https://openalex.org/C534406577","wikidata":"https://www.wikidata.org/wiki/Q7550843","display_name":"Social Semantic Web","level":3,"score":0.3124000132083893},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3077999949455261},{"id":"https://openalex.org/C182321512","wikidata":"https://www.wikidata.org/wiki/Q1153289","display_name":"Web standards","level":3,"score":0.2994999885559082},{"id":"https://openalex.org/C51646954","wikidata":"https://www.wikidata.org/wiki/Q48522","display_name":"Word-sense disambiguation","level":3,"score":0.2953999936580658},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.2833000123500824},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.26260000467300415}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2026.3680147","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2026.3680147","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:574e8f769fec4813ba11bf9c4ed607ab","is_oa":true,"landing_page_url":"https://doaj.org/article/574e8f769fec4813ba11bf9c4ed607ab","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 14, Pp 54109-54126 (2026)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2026.3680147","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2026.3680147","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"AI-enabled":[0,128],"web":[1,159],"browsers":[2,70,129],"are":[3],"redefining":[4],"how":[5,172],"users":[6],"search,":[7],"read,":[8],"and":[9,42,54,63,88,104,117,130,137,150,191,202,218,225,233],"interact":[10],"with":[11,165,184],"online":[12],"information.":[13],"By":[14],"embedding":[15],"Large":[16],"Language":[17],"Models":[18],"(LLMs)":[19],"directly":[20],"into":[21,32],"the":[22,73,123,157,177,213,235],"browsing":[23,221],"pipeline,":[24],"these":[25,115],"systems":[26],"evolve":[27],"from":[28],"passive":[29],"rendering":[30],"engines":[31],"intelligent,":[33],"context-aware":[34],"assistants":[35],"capable":[36],"of":[37,127,215,238],"summarization,":[38],"reasoning,":[39],"task":[40],"automation,":[41],"multi-step":[43],"workflow":[44],"execution.":[45],"While":[46],"this":[47],"shift":[48],"unlocks":[49],"significant":[50],"opportunities":[51],"for":[52,96,231],"productivity":[53],"seamless":[55],"human\u2013computer":[56],"interaction,":[57],"it":[58],"also":[59],"introduces":[60],"a":[61,143,166,228],"new":[62],"largely":[64],"unexplored":[65],"attack":[66,152],"surface.":[67],"Because":[68],"AI":[69,220],"semantically":[71],"interpret":[72],"Document":[74],"Object":[75],"Model":[76],"(DOM),":[77],"previously":[78],"inert":[79],"elements":[80],"such":[81],"as":[82,93],"hidden":[83],"text,":[84],"ARIA":[85],"labels,":[86],"metadata,":[87],"JSON":[89],"structures":[90],"can":[91,175],"serve":[92],"covert":[94],"channels":[95],"adversarial":[97],"prompt":[98,196],"injection,":[99],"model":[100],"steering,":[101],"data":[102],"exfiltration,":[103],"unintended":[105],"autonomous":[106],"actions.":[107],"Existing":[108],"security":[109,138],"taxonomies":[110],"do":[111],"not":[112],"adequately":[113],"capture":[114],"semantic":[116,198],"agentic":[118],"threats.":[119],"This":[120],"article":[121],"provides":[122],"first":[124],"comprehensive":[125],"survey":[126,224],"analyzes":[131],"their":[132],"architectural":[133],"principles,":[134],"functional":[135],"capabilities,":[136],"implications.":[139],"We":[140,180],"introduce":[141],"AIA-WEB,":[142],"novel":[144],"threat":[145],"taxonomy":[146,226],"comprising":[147],"four":[148],"macroclasses":[149],"twelve":[151],"categories":[153],"specifically":[154],"tailored":[155],"to":[156,211],"AI-augmented":[158],"environment.":[160],"Each":[161],"category":[162],"is":[163],"illustrated":[164],"minimal":[167],"HTML":[168],"example":[169],"that":[170],"demonstrates":[171],"linguistic":[173],"manipulation":[174],"target":[176],"embedded":[178],"model.":[179],"further":[181],"compare":[182],"AIA-WEB":[183],"traditional":[185],"cybersecurity":[186],"frameworks,":[187],"highlight":[188],"critical":[189],"gaps,":[190],"propose":[192],"mitigation":[193],"strategies":[194],"spanning":[195],"firewalls,":[197],"sanitization,":[199],"LLM":[200],"wrappers,":[201],"action":[203],"gating.":[204],"Finally,":[205],"we":[206],"outline":[207],"future":[208],"research":[209],"directions":[210],"guide":[212],"development":[214],"safe,":[216],"interpretable,":[217],"robust":[219],"ecosystems.":[222],"Our":[223],"establish":[227],"foundational":[229],"reference":[230],"understanding":[232],"securing":[234],"next":[236],"generation":[237],"intelligent":[239],"browsers.":[240]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-04-03T00:00:00"}