Search engines and artificial intelligence: between technological transformation and emerging risks

2025 closes with two publications which, when read together, offer a comprehensive overview of the transformations taking place in the online search sector and their implications for security and regulation.

On the one hand, the European Parliament Research Service (EPRS) published an analysis today entitled “Search engines in times of Artificial Intelligence”1, which examines the impact of generative AI on traditional search engines and the open web. On the other hand, Gartner has released a series of advisories in recent weeks that raise significant alarms about the security risks associated with so-called “agentic browsers” or “AI browsers” 2.

Taken together, these documents describe two levels of the same phenomenon: the EPRS analyzes the macro-systemic impact on the open web and the information ecosystem, while Gartner focuses on the micro-operational risk within organizations. The convergence of the two perspectives highlights a transformation affecting online search as critical infrastructure, with implications that simultaneously touch on the digital market, data protection, cybersecurity, and the European regulatory framework.

The transformation of online search: the data

The EPRS document, written by Mar Negreiro, starts with significant market data. Google holds about 90% of the global search engine market. The “AI Overviews” feature, powered by Gemini models, appears as the first result in about 60% of informational searches.

Microsoft has followed a similar path by integrating Copilot into Bing, although the Redmond search engine’s market share remains marginal, at around 4%.

The most significant phenomenon, however, concerns the emergence of generative AI platforms as alternative search tools. ChatGPT and Perplexity are increasingly used by users for informational searches, creating direct competition with established search engines.

This reveals a structural tension between two models of information access: the traditional one, based on indexing and referral to external sources, and the emerging one, based on algorithmic synthesis and user retention within the platform. This is not a simple technological evolution, but a paradigm shift that redefines the relationship between user, information, and digital intermediary.

Gartner’s prediction: -25% traffic by 2026

This trend was anticipated by Gartner as early as February 2024, when the analytics company predicted that the volume of traditional search engines would decline by 25% by 2026, with search engine marketing losing market share to AI chatbots and other virtual agents3.

Alan Antin, Vice President Analyst at Gartner, noted that generative AI solutions are becoming “replacement response engines,” replacing queries that would previously have been performed on traditional search engines. This transformation is forcing companies to rethink their digital marketing strategies.

In August 2025, Gartner then noted that the leading AI vendors—OpenAI, Anthropic, and Perplexity—had entered the AI-based browsing market, signaling the start of a veritable “browser war” with Google and Microsoft. This competition emphasizes AI over traditional web browsing, with significant consequences for users’ content consumption patterns.

The security alert on agentic browsers

However, it was in December 2025 that Gartner raised the most significant alarm. In an advisory titled “Cybersecurity Must Block AI Browsers for Now”4, analysts Dennis Xu, Evgeny Mirolyubov, and John Watts recommended that organizations block all AI browsers to minimize their risk exposure.

A methodological clarification is necessary: the reference to “AI browsers” should not be understood in the strict sense, as a limited category of applications, but as a visible emergence of an agentic capability that is now widespread throughout the entire digital stack. Agentic browsers are the most obvious manifestation of a broader phenomenon that is progressively affecting every level of the software infrastructure.

The central observation of the Gartner document is that the default settings of AI browsers prioritize user experience over security. Agentic browsers—such as Comet by Perplexity and Atlas by OpenAI—include two critical components:

The first is an “AI sidebar” that allows users to synthesize, search, translate, and interact with web content using AI services provided by the browser developer. The second is an agentic transactional capability that allows the browser to navigate autonomously, interact with websites, and complete tasks, especially within authenticated sessions.

The problem, according to Gartner, is that sensitive user data—active web content, browsing history, open tabs—is often sent to the cloud-based AI backend, increasing the risk of data exposure. Analysts describe this as an “irreversible and untraceable” leak once corporate data crosses the enterprise perimeter for external AI processing.

The risks identified are manifold. On the front of unauthorized autonomous actions, Gartner points to vulnerability to “indirect prompt-injection-induced rogue agent actions”: a malicious web page can inject hidden instructions that cause the AI agent to execute unauthorized commands, such as initiating financial transactions or exfiltrating sensitive data. On the compliance front, analysts highlight the risk that employees use AI browsers to automate mandatory activities, such as cybersecurity training, turning effective compliance into mere appearance. On the phishing front, the risk of credential loss and abuse is amplified when AI browsers can be tricked into autonomously navigating to phishing sites.

From a governance perspective, this scenario highlights the inadequacy of a reactive security approach. Gartner’s recommendation—to block agentic browsers—is understandable as an emergency measure. Still, it does not address the structural problem: the absence of ex ante assessment frameworks that enable organizations to integrate AI tools with adequate security and compliance safeguards.

The debate on the feasibility of blocking

Gartner’s recommendation has not been accepted without criticism. Some security experts have noted that AI agent capabilities no longer reside solely in specialized browsers but are now integrated into the fabric of every tool employees use daily.

Microsoft 365 Copilot operates within Word, Excel, and Outlook. Slack uses AI agents to search conversations, summarize threads, and perform actions. Zoom integrates AI companions that can participate in meetings, take notes, and respond on behalf of the user. Google Workspace, Salesforce, ServiceNow, and dozens of other enterprise platforms have already incorporated agentic capabilities into their core offerings.

In this context, blocking specialized browsers such as Comet and Atlas may not be enough: the agentic AI that concerns Gartner no longer resides only in a specific browser, but is distributed throughout the corporate digital ecosystem. The question, therefore, is not whether to allow or ban individual tools, but how to build a governance framework that allows for the assessment, monitoring, and mitigation of risks associated with now-pervasive agentic capabilities.

The impact on publishers and the open web

Alongside security concerns, the EPRS analysis highlights the economic consequences for the content ecosystem. Trade associations representing publishers report traffic reductions of up to 25%, with some estimates reaching 50%. A network of digital marketing companies reports that 58% of Google searches end without the user visiting any links.

The reduction in traffic translates into fewer ad impressions and a consequent loss of revenue. In response, a coalition of publishers has filed an antitrust complaint with the European Commission. An alliance of German media and digital organizations has filed a formal complaint under the Digital Services Act. In the UK, the Competition and Markets Authority has confirmed that Google has “strategic market status” in search services, including AI Overviews5.

The complaints focus on a few specific points. AI Overviews are said to be increasingly monetized through integrated advertising. Google extracts content from third-party websites without direct compensation, opt-out options, or prior consent. Publishers would not be able to opt out of the overviews without also being excluded from ordinary search results.

The EPRS notes that Google has admitted the open web is in rapid decline, specifically in display advertising. However, the document suggests that the decline could be much broader: AI-driven search would pose an unprecedented threat to the open web ecosystem.

This data, viewed through the lens of information governance, raises questions that go beyond the economic dimension. If algorithmic summarization progressively replaces direct access to sources, the relationship between the production, distribution, and consumption of information will be profoundly altered. The risk is not only the loss of revenue for publishers, but the emergence of an information model in which the algorithmic intermediary becomes the sole point of access, with apparent implications for pluralism and the verifiability of sources.

Another problematic area concerns the use of data for training language models. The EPRS draws attention to copyright issues6 and to the pending case against Meta, which is accused of failing to comply with the GDPR in collecting data for training its models, as it did not seek prior user consent 7.

On this point, the document mentions the proposed amendments to the GDPR contained in the so-called “Digital Omnibus” 8, which could provide a clearer legal basis for the processing of personal data for AI training purposes. This prospect raises significant questions about the balance between technological innovation and personal data protection.

Cloudflare, for its part, is supporting a consortium of publishers to collectively block AI crawlers from collecting content for training, unless technology companies pay for the content used9.

Information quality and critical thinking

The EPRS analysis does not overlook the cognitive and social implications of the transformation underway. AI-generated searches may include incorrect or distorted information. Research suggests that AI could produce “chat chambers” that reinforce misinformation10.

According to the data cited, 27% of US adults do not trust AI-generated search results11. The likelihood of chatbots repeating false information is expected to almost double, from 18% in August 2024 to 35% in August 2025.

Further research suggests that greater trust in generative AI is associated with less critical thinking12. There is also a risk of widening the digital divide: young users are more literate in AI than previous generations, but they also tend to develop a growing dependence on AI for school tasks, with potential adverse effects on creative thinking13.

The European regulatory framework: an ongoing review

From a regulatory perspective, the EPRS reports that Google’s AI Overviews are available in over 200 countries, but rollout has been slower in the European Union. At the beginning of 2025, the feature was only active in some Member States; by October 2025, it was available in all except France. The delay is attributed to regulatory reasons14.

It remains to be seen whether Google is fully complying with applicable European legislation. The regulatory framework can be interpreted according to a three-level governance logic:

  • DSA and DMA1516: govern the governance of digital gatekeepers, imposing obligations of algorithmic transparency, interoperability, and non-discrimination. Google, as a designated gatekeeper, is subject to specific constraints that could be relevant to the functioning of AI Overviews.

  • AI Act17: introduces algorithmic risk governance, classifying AI systems according to their level of risk and imposing proportionate requirements. The qualification of AI Overviews and agentic browsers within this framework requires a case-by-case analysis.

  • GDPR and Copyright Directive 1819: govern the processing of personal data and the use of protected content, respectively, with direct implications for model training and content extraction for response generation.

The European Commission is evaluating the use of AI summaries in Google search results20, with a particular focus on the potential impact on the relationship between dominant platforms and the open web.

Future prospects: agentic AI as a new gatekeeper

The EPRS analysis concludes with a particularly relevant forward-looking reflection. The integration of AI now goes beyond overviews and chatbots: AI tools are embedded in operating systems, core applications, and hardware ecosystems.

The evolution towards agentic AI systems21—virtual assistants designed to operate with minimal human supervision—is already underway. Google, OpenAI, Microsoft, and NVIDIA are developing systems that could represent the next step towards fully automated online search22.

There is a risk that AI agents could themselves become gatekeepers, as defined by the DMA, acting independently and raising new questions about oversight and accountability23. That is a prospect that requires attention from regulators and may require a rethinking of the regulatory tools currently available.

Concluding considerations

A joint reading of the analyses published by the EPRS and Gartner paints a picture of profound transformation across multiple dimensions: the online search market, the digital publishing ecosystem, corporate cybersecurity, personal data protection, and copyright.

For professionals in data protection and compliance, several operational priorities emerge. The first concerns the need for integrated assessments that account for interactions among the applicable regulations. The second concerns updating corporate policies on the use of AI tools in light of Gartner’s guidance on the risks posed by agentic browsers. The third concerns monitoring the evolution of the European regulatory framework and enforcement by the competent authorities.

Ultimately, the challenge is not to decide whether to allow the use of AI in search and navigation, but how to govern it before it becomes invisible and unquestionable infrastructure.
The integration of AI into information access processes requires an ex ante governance approach based on impact assessments, algorithmic transparency, and verifiable accountability. That is the direction that the European regulatory framework has set; it remains to be seen whether the tools available are adequate for the speed and pervasiveness of the transformation underway.

Data verified as of December 29, 2025. It is advisable to monitor developments regarding the enforcement of the AI Act and the decisions of the competent authorities in 2026.

References

Related Hashtag

#AI #ArtificialIntelligence #AIAct #AIGovernance #AgenticAI #SearchEngines #Google #AIOverviews #DSA #DMA #GDPR #Cybersecurity #Gartner #EuropeanParliament #OpenWeb #DigitalGatekeepers #DataProtection #AIRegulation #TechPolicy #DigitalMarkets #AIBrowsers #GenerativeAI #AICompliance #EURegulation #DigitalRights #Privacy #TechLaw #AIRisk #DigitalGovernance #FutureOfSearch

  1. European Parliament Research Service, Search engines in times of Artificial Intelligence, 29 dicembre 2025. Disponibile su: https://epthinktank.eu/2025/12/29/search-engines-in-times-of-artificial-intelligence/ - PDF: https://www.europarl.europa.eu/RegData/etudes/ATAG/2025/779238/EPRS_ATA(2025)779238_EN.pdf ↩︎

  2. Gartner, Cybersecurity Must Block AI Browsers for Now, 1 dicembre 2025. Disponibile su: https://www.gartner.com/en/documents/7211030 ↩︎

  3. Gartner, Gartner Predicts Search Engine Volume Will Drop 25% by 2026, Due to AI Chatbots and Other Virtual Agents, 19 febbraio 2024. Disponibile su: https://www.gartner.com/en/newsroom/press-releases/2024-02-19-gartner-predicts-search-engine-volume-will-drop-25-percent-by-2026-due-to-ai-chatbots-and-other-virtual-agents ↩︎

  4. Gartner, Cybersecurity Must Block AI Browsers for Now, 1 dicembre 2025. Disponibile su: https://www.gartner.com/en/documents/7211030 ↩︎

  5. UK Government, CMA confirms Google has strategic market status in search services. Disponibile su: https://www.gov.uk/government/news/cma-confirms-google-has-strategic-market-status-in-search-services ↩︎

  6. Parlamento Europeo, Studio su copyright e IA. Disponibile su: https://www.europarl.europa.eu/RegData/etudes/STUD/2025/774095/IUST_STU(2025)774095_EN.pdf ↩︎

  7. Computer Weekly, Meta AI training will be challenged at Europe’s highest court, says data protection chief. Disponibile su: https://www.computerweekly.com/news/366627521/Meta-AI-training-will-be-challenged-at-Europes-highest-court-says-data-protection-chief ↩︎

  8. Commissione Europea, Digital Omnibus - AI Regulation Proposal. Disponibile su: https://digital-strategy.ec.europa.eu/en/library/digital-omnibus-ai-regulation-proposal ↩︎

  9. Cloudflare, Content Independence Day: No AI Crawl Without Compensation. Disponibile su: https://blog.cloudflare.com/content-independence-day-no-ai-crawl-without-compensation/ ↩︎

  10. Scientific American, The Way People Search the Internet Can Fuel Echo Chambers. Disponibile su: https://www.scientificamerican.com/article/the-way-people-search-the-internet-can-fuel-echo-chambers/ ↩︎

  11. YouGov, Americans increasingly skeptical about AI effects. Disponibile su: https://today.yougov.com/technology/articles/51803-americans-increasingly-skeptical-about-ai-artificial-intelligence-effects-poll ↩︎

  12. Microsoft Research, The Impact of Generative AI on Critical Thinking. Disponibile su: https://www.microsoft.com/en-us/research/publication/the-impact-of-generative-ai-on-critical-thinking-self-reported-reductions-in-cognitive-effort-and-confidence-effects-from-a-survey-of-knowledge-workers/ ↩︎

  13. NSTA, Think or Not to Think: The Impact of AI on Critical Thinking Skills. Disponibile su: https://www.nsta.org/blog/think-or-not-think-impact-ai-critical-thinking-skills ↩︎

  14. Tech Policy Press, What does it take to moderate AI Overviews?. Disponibile su: https://www.techpolicy.press/what-does-it-take-to-moderate-ai-overviews/ ↩︎

  15. Regolamento (UE) 2022/2065 (Digital Services Act). Disponibile su: https://eur-lex.europa.eu/eli/reg/2022/2065/oj/eng ↩︎

  16. Regolamento (UE) 2022/1925 (Digital Markets Act). Disponibile su: https://eur-lex.europa.eu/eli/reg/2022/1925/oj/eng ↩︎

  17. Regolamento (UE) 2024/1689 (AI Act). Disponibile su: https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng ↩︎

  18. Regolamento (UE) 2016/679 (GDPR). Disponibile su: https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng ↩︎

  19. Direttiva (UE) 2019/790 sul diritto d’autore nel mercato unico digitale. Disponibile su: https://eur-lex.europa.eu/eli/dir/2019/790/oj/eng ↩︎

  20. Euractiv, Google’s AI Overviews face EU scrutiny. Disponibile su: https://www.euractiv.com/news/search-eats-internet-googles-ai-overviews-face-eu-scrutiny/ ↩︎

  21. IBM, Agentic AI vs Generative AI. Disponibile su: https://www.ibm.com/think/topics/agentic-ai-vs-generative-ai ↩︎

  22. Digital Trends, What are AI agents?. Disponibile su: https://www.digitaltrends.com/computing/what-are-ai-agents/ ↩︎

  23. CERRE, Is the DMA Ready for Agentic AI?. Disponibile su: https://cerre.eu/publications/is-the-dma-ready-for-agentic-ai/ ↩︎