
"According to the new Browser Security Report 2025, security leaders are discovering that most identity, SaaS, and AI-related risks converge in a single place, the user's browser. Yet traditional controls like DLP, EDR, and SSE still operate one layer too low. What's emerging isn't just a blindspot. It's a parallel threat surface: unmanaged extensions acting like supply chain implants, GenAI tools accessed through personal accounts, sensitive data copy/pasted directly into prompt fields, and sessions that bypass SSO altogether."
"The rise of GenAI in enterprise workflows has created a massive governance gap. Nearly half of employees use GenAI tools, but most do so through unmanaged accounts, outside of IT visibility. Key stats from the report: 77% of employees paste data into GenAI prompts; 82% of those pastes come from personal accounts; 40% of uploaded files contain PII or PCI; GenAI accounts for 32% of all corporate-to-personal data movement."
Most identity, SaaS, and AI-related risks converge in the user's browser, creating a parallel threat surface that bypasses traditional controls. Unmanaged browser extensions can function as supply-chain implants, GenAI tools are frequently accessed through personal accounts, sensitive data is copied into prompt fields, and sessions can bypass SSO. GenAI is now a top data exfiltration channel: high rates of copy/paste into prompts, most pastes from personal accounts, and many uploaded files containing PII or PCI. Legacy DLP, EDR, and SSE tools are not designed to address browser-centric exfiltration and agentic AI browser risks.
Read at The Hacker News