Palo Alto, Calif., Jun. 30, 2025, CyberNewswire – Every security practitioner knows that employees are the weakest link in an organization, but that is no longer the case.
SquareX’s research reveals that Browser AI Agents are more likely to fall prey to cyberattacks than employees, making them the new weakest link that enterprise security teams need to look out for.
Browser AI Agents are software applications that act on behalf of users to access and interact with web content. Users can instruct these agents to automate browser-based tasks such as flight bookings, scheduling meetings, sending emails, and even simple research tasks.
The productivity gains that Browser AI Agents provide make them an extremely compelling tool for employees and organizations alike. Indeed, a survey from PWC found that 79% of organizations have already adopted browser agents today.
Yet, Browser AI Agents expose organizations to a massive security risk. These agents are trained to complete the tasks they’re instructed to do, with little to no understanding of the security implications of their actions.
Unlike human employees, Browser AI Agents are not subject to regular security awareness training. They cannot recognize visual warning signs like suspicious URLs, excessive permission requests, or unusual website designs that typically alert employees to a malicious site. As a result, Browser AI Agents are more likely to fall prey to browser-based attacks than even a regular employee.
Even if it is possible for users to add these guardrails, the overhead required to extensively write out the security risk of every task performed by the agent in every prompt would probably outweigh the productivity gains. More importantly, employees using Browser AI Agents are unlikely to have enough security expertise to be able to write such a prompt in the first place.
With the popular open-source Browser Use framework used by thousands of organizations, SquareX demonstrated how the Browser AI Agent, instructed to find and register for a file-sharing tool, succumbed to an OAuth attack. In the process of completing its task, it granted a malicious app full access to the user’s email despite multiple suspicious signals – irrelevant permissions, unfamiliar brands, suspicious URLs – that likely would have stopped most employees from granting these permissions.
In other scenarios, these agents might expose the user’s credit card information to a phishing site while attempting to purchase groceries or disclose sensitive data when responding to emails from an impersonation attack.
Unfortunately, neither browsers nor traditional security tools can differentiate between actions performed by users and these agents. Thus, it’s important for enterprises working with Browser AI Agents to provide browser-native guardrails that will prevent agents and employees alike from falling prey to these attacks.
Vivek Ramachandran, Founder & CEO of SquareX, warns, “The arrival of Browser AI Agents has dethroned employees as the weakest link within organizations. Optimistically, these agents have the security awareness of an average employee, making them vulnerable to even the most basic attacks, let alone bleeding-edge ones.
Critically, these Browser AI Agents are running on behalf of the user, with the same privilege level to access enterprise resources. Until the day browsers develop native guardrails for Browser AI Agents, enterprises must incorporate browser-native solutions like Browser Detection and Response to prevent these agents from being tricked into performing malicious tasks.
Eventually, the new generation of identity and access management tools will also need to take into account Browser AI Agent identities to implement granular access controls on agentic workflows.”
To learn more about this security research, users can visit http://sqrx.com/browser-ai-agents.
SquareX’s research team will be holding a webinar on July 11, 10am PT/1pm ET to dive deeper into the research findings. To register, users can click here.
About SquareX: SquareX’s browser extension turns any browser on any device into an enterprise-grade secure browser. SquareX’s industry-first Browser Detection and Response (BDR) solution empowers organizations to proactively detect, mitigate, and threat-hunt client-side web attacks, including malicious browser extensions, advanced spearphishing, browser-native ransomware, genAI DLP, and more. Unlike legacy security approaches and cumbersome enterprise browsers, SquareX seamlessly integrates with users’ existing consumer browsers, ensuring enhanced security without compromising user experience or productivity. By delivering unparalleled visibility and control directly within the browser, SquareX enables security leaders to reduce their attack surface, gain actionable intelligence, and strengthen their enterprise cybersecurity posture against the newest threat vector – the browser. Find out more on www.sqrx.com.
Media contact: Junice Liew, Head of PR, SquareX, junice@sqrx.com
Editor’s note: This press release was provided by CyberNewswire as part of its press release syndication service. The views and claims expressed belong to the issuing organization.