ChannelLife New Zealand - Industry insider news for technology resellers
New Zealand

Guides

#
cloud services
#
cybersecurity
#
distributors
#
microsoft
#
partner programmes

Search

Realistic computer open web browser digital warning hacker figures cyber risk
#
Data Protection
#
IAM
#
AI Security

Browser AI agents seen as bigger security risk than employees

Today
Author image
By Jed Nykolle Harme, Editor

SquareX's latest research suggests that Browser AI Agents now pose a greater security risk to organisations than employees.

Browser AI Agents are software programs that perform browser-based tasks for users, including booking flights, scheduling meetings, and conducting research. Their usage has seen considerable growth, with a PWC survey indicating that 79% of organisations have already adopted some form of browser agent.

These agents offer measurable productivity gains, but SquareX's analysis found that their security awareness is limited compared to that of human employees. Unlike people, Browser AI Agents do not participate in regular security training and lack the ability to detect common warning signs found in malicious websites, such as suspicious URLs or unnecessary permission requests.

The company's research highlights that even fundamental security practices can be missed by Browser AI Agents. For example, while a human might notice and avoid a dubious website or application, agents are more likely to proceed, often exposing sensitive company data. SquareX pointed out the additional challenge that writing prompts to manage security risks for every agent task can undermine productivity gains, and most users are unlikely to have the expertise to do so effectively.

To demonstrate these risks, SquareX conducted an experiment using the widely adopted open-source Browser Use framework. In this scenario, the Browser AI Agent was asked to find and register for a file-sharing tool. During the process, the agent fell victim to an OAuth attack, inadvertently granting a malicious application full access to the user's email account. This occurred despite several signals — such as requests for irrelevant permissions, unfamiliar branding, and suspicious URLs — that would likely have caused a human operator to hesitate.

SquareX's team warned that similar scenarios could see agents unknowingly expose sensitive information, such as credit card data during online purchases or responding to phishing emails with confidential details. The inability of traditional security tools and browsers to distinguish between human and agent actions exacerbates this risk, as malicious instructions can be executed without intervention.

Industry perspective

Vivek Ramachandran, Founder & CEO of SquareX, commented on the findings, explaining the shift in security risk within organisations:

"The arrival of Browser AI Agents have dethroned employees as the weakest link within organizations. Optimistically, these agents have the security awareness of an average employee, making them vulnerable to even the most basic attacks, let alone bleeding-edge ones. Critically, these Browser AI Agents are running on behalf of the user, with the same privilege level to access enterprise resources. Until the day browsers develop native guardrails for Browser AI Agents, enterprises must incorporate browser-native solutions like Browser Detection and Response to prevent these agents from being tricked into performing malicious tasks. Eventually, the new generation of identity and access management tools will also have to take into account Browser AI Agent identities to implement granular access controls on agentic workflows."

Security professionals are being advised to introduce browser-integrated protections and to treat the actions of Browser AI Agents with the same scrutiny as those of human users.

Technical implications

With traditional security tools unable to identify whether actions in the browser stem from a human or an AI agent, the potential for undetected compromise rises. The need for browser-native threat detection and response tools, capable of safeguarding both employees and automated agents, is therefore becoming more pressing.

SquareX's findings further suggest that as the use of Browser AI Agents becomes more common, identity and access management systems will need to evolve. These systems must recognise and regulate AI agents to ensure that access privileges and security policies can be applied accurately to all entities operating within an organisation's digital infrastructure.

The company recommends that organisations take a proactive approach, reviewing and updating their browser security frameworks in line with these developments. Without new guardrails, the delegation of routine tasks to Browser AI Agents may inadvertently increase the attack surface for cybercriminals targeting enterprises.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Hundreds of printers at risk after security flaws uncovered
Veeam named Leader in Gartner 2025 backup & data report
OPSWAT adds SentinelOne AI to boost Metascan malware defence
ReliaQuest launches GreyMatter automation to speed threat response
Oracle Red Bull Racing adopts cloud suite to boost F1 operations

Top stories

HCLTech, OpenAI launch AI partnership for global firms
OPPO launches A5 Series in New Zealand with focus on durability
National Motu Move public transport card rollout faces major delay
AI YOUR WORKSPACE: Yealink launches full-scenario AI solutions for the hybrid era
Stablecoins, smart contracts and the rise of more intelligent cash