News alert: SquareX research finds browser AI agents are proving riskier than human employees – Cyber Tech

Palo Alto, Calif., Jun. 30, 2025, CyberNewswire – Every security practitioner knows that employees are the weakest link in an organization, but that is not the case.

SquareX’s research reveals that Browser AI Agents are more likely to fall prey to cyberattacks than employees, making them the new weakest link that enterprise security teams need to look out for.

Browser AI Agents are software applications that act on behalf of users to access and interact with web content. Users can instruct these agents to automate browser-based tasks such as flight bookings, scheduling meetings, sending emails, and even simple research tasks.

The productivity gains that Browser AI Agents provide make them an extremely compelling tool for employees and organizations alike. Indeed, a survey from PWC found that 79% of organizations have already adopted browser agents today.

Yet, Browser AI Agents expose organizations to a massive security risk. These agents are trained to complete the tasks they are instructed to do, with little to no understanding of the security implications of their actions.

Unlike human employees, Browser AI Agents are not subject to regular security awareness training. They cannot recognize visual warning signs like suspicious URLs, excessive permission requests, or unusual website designs that typically alert employees to a malicious site. As a result, Browser AI Agents are more likely to fall prey to browser-based attacks than even a regular employee.

Even if it is possible for users to add these guardrails, the overhead required to extensively write the security risk of every task performed by the agent in every prompt would probably outweigh the productivity gains. More importantly, employees using Browser AI Agents are unlikely to have enough security expertise to be able to write such a prompt in the first place.

With the popular open-source Browser Use framework used by thousands of organizations, SquareX demonstrated how the Browser AI Agent, instructed to find and register for a file-sharing tool, succumbed to an OAuth attack. In the process of completing its task, it granted a malicious app full access to the user’s email despite multiple suspicious signals – irrelevant permissions, unfamiliar brands, suspicious URLs – that likely would have stopped most employees from granting these permissions.

In other scenarios, these agents might expose the user’s credit card information to a phishing site while attempting to purchase groceries or disclose sensitive data when responding to emails from an impersonation attack.

Unfortunately, neither browsers nor traditional security tools can differentiate between actions performed by users and these agents. Thus, it is critical for enterprises working with Browser AI Agents to provide browser-native guardrails that can prevent agents and employees alike from falling prey to these attacks.

Vivek Ramachandran, Founder & CEO of SquareX, warns, “The arrival of Browser AI Agents has dethroned employees as the weakest link within organizations. Optimistically, these agents have the security awareness of an average employee, making them vulnerable to even the most basic attacks, let alone bleeding-edge ones.

Critically, these Browser AI Agents are running on behalf of the user, with the same privilege level to access enterprise resources. Until the day browsers develop native guardrails for Browser AI Agents, enterprises must incorporate browser-native solutions like Browser Detection and Response to prevent these agents from being tricked into performing malicious tasks.

Eventually, the new generation of identity and access management tools will also need to take into account Browser AI Agent identities to implement granular access controls on agentic workflows.”

To learn more about this security research, users can visit .

SquareX’s research team will also be holding a webinar on July 11, 10am PT/1pm ET to dive deeper into the research findings. To register, users can click here.

About SquareX: SquareX’s browser extension turns any browser on any device into an enterprise-grade secure browser. SquareX’s industry-first Browser Detection and Response (BDR) solution empowers organizations to proactively detect, mitigate, and threat-hunt client-side web attacks, including malicious browser extensions, advanced spearphishing, browser-native ransomware, genAI DLP, and more. Unlike legacy security approaches and cumbersome enterprise browsers, SquareX seamlessly integrates with users’ existing consumer browsers, ensuring enhanced security without compromising user experience or productivity. By delivering unparalleled visibility and control directly within the browser, SquareX enables security leaders to reduce their attack surface, gain actionable intelligence, and strengthen their enterprise cybersecurity posture against the latest threat vector – the browser. Find out more on www.sqrx.com.

 Media contact: Junice Liew, Head of PR, SquareX, junice@sqrx.com

Editor’s note: This press release was provided by CyberNewswire as part of its press release syndication service. The views and claims expressed belong to the issuing organization.

 
