
A new study by cybersecurity firm SquareX has identified Browser AI Agents as a rising security threat, surpassing human employees as the weakest link in enterprise cybersecurity.
According to the report, Browser AI Agents—automated tools that perform browser-based tasks on behalf of users—are now widely adopted, with 79% of organizations reportedly integrating them into daily workflows.
These agents are designed to streamline operations such as booking flights, managing emails, and conducting online research.
However, SquareX’s analysis reveals that these AI-driven agents often lack the security intuition possessed by trained employees.
Unlike humans, they are not equipped to detect phishing attempts, suspicious URLs, or irregular permission requests. “These agents follow instructions blindly, regardless of security implications,” said Vivek Ramachandran, Founder and CEO of SquareX.
In a critical demonstration using the open-source Browser Use framework, researchers showed how an AI agent—tasked with registering for a file-sharing tool—was deceived by a malicious OAuth application.
The agent granted full email access to the attacker, ignoring multiple red flags that most human users would have questioned.
Such oversights, the research suggests, could lead to large-scale breaches involving financial data, personal information, and enterprise credentials.
In another demonstration, Browser AI Agents blindly submitted sensitive data to phishing websites or responded to impersonated emails with confidential content.
Traditional security tools fail to distinguish between actions taken by users and those performed by AI agents. This renders standard defense mechanisms ineffective in detecting malicious agent behavior.
Ramachandran emphasized the urgency: “Browser AI Agents act with the same privilege level as employees, yet lack their security awareness. This makes them an ideal target for attackers.”
Recommendations
SquareX recommends deploying browser-native security layers like Browser Detection and Response (BDR) to mitigate risks associated with automated agents.
The firm also advocates for future identity and access management systems to support agent-based identities and workflows.
As enterprise dependence on automation grows, security teams are being urged to rethink access control and threat detection frameworks. The shift from human to machine-based vulnerabilities marks a new frontier in cybersecurity.