A reported attack technique shows how a malicious page may steer an AI browser past its guardrails, turning convenience features into a sensitive-data risk.