SquareX’s research reveals that Browser AI Agents are more likely tofall prey to cyberattacks than employees, making them the new weakest link that enterprisesecurity teams need to look out for. Moreimportantly, employees using Browser AI Agents are unlikely to have enough security expertiseto be able to write such a prompt in the first place. Thus, it is critical for enterprises working with Browser AIAgents to provide browser-native guardrails that will prevent agents and employees alike fromfalling prey to these attacks. Until the daybrowsers develop native guardrails for Browser AI Agents, enterprises must incorporatebrowser-native solutions like Browser Detection and Response to prevent these agents frombeing tricked into performing malicious tasks. Unlike human employees, Browser AI Agents are notsubject to regular security awareness training. Indeed, a survey from PWC found that 79% of organizationshave already adopted browser agents today.Yet, Browser AI Agents expose organizations to a massive security risk. By delivering unparalleledvisibility and control directly within the browser, SquareX enables security leaders to reducetheir attack surface, gain actionable intelligence, and strengthen their enterprise cybersecurityposture against the newest threat vector – the browser. Consequently, Browser AI Agents are more likely to fall prey tobrowser-based attacks than even a regular employee. The productivity gains that Browser AI Agents provide make them an extremely compelling tool foremployees and organizations alike. Vivek Ramachandran, Founder & CEO of SquareX, warns, “The arrival of Browser AI Agentshave dethroned employees as the weakest link within organizations. Critically, these Browser AI Agents are running onbehalf of the user, with the same privilege level to access enterprise resources. Browser AI Agents are software applications that act on behalf of users to access and interactwith web content. With the popular open-source Browser Use framework used by thousands of organizations,SquareX demonstrated how the Browser AI Agent, instructed to find and register for afile-sharing tool, succumbed to an OAuth attack. SquareX’s industry-first Browser Detection and Response (BDR) solution empowersorganizations to proactively detect, mitigate, and threat-hunt client-side web attacks, includingmalicious browser extensions, advanced spearphishing, browser-native ransomware, genAIDLP, and more. Even if it is possible for users to addthese guardrails, the overhead required to extensively write the security risk of every task performed by the agent in every prompt would probably outweigh the productivity gains. In the process of completing its task, it granteda malicious app complete access to the user’s email despite multiple suspicious signals -irrelevant permissions, unfamiliar brands, suspicious URLs – that likely would have stoppedmost employees from granting these permissions. Eventually, the new generation of identity andaccess management tools will also have to take into account Browser AI Agent identities toimplement granular access controls on agentic workflows. Users can instruct these agents to automate browser-based tasks such asflight bookings, scheduling meetings, sending emails, and even simple research tasks. In other scenarios, these agents mightexpose the user’s credit card information to a phishing site while trying to purchase groceries ordisclose sensitive data when responding to emails from an impersonation attack. Unfortunately, neither browsers nor traditional security tools can differentiate between actionsperformed by users and these agents. These agents aretrained to complete the tasks they are instructed to do, with little to no understanding of the security implications of their actions. Unlike legacy security approaches and cumbersome enterprise browsers,SquareX seamlessly integrates with users’ existing consumer browsers, ensuring enhancedsecurity without compromising user experience or productivity.
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 30 Jun 2025 13:35:13 +0000