The bots in your browser work hard … and give attackers everything they need to come in
- Advertisement -
Related Posts
- Advertisement -
- Report warnings Hackers exploit browser agents who do not know how to spot fake -Urls
- A browser AI agent gave full Google Drive access to a malignant app without hesitation
- Squarex says that AI agents are more vulnerable than people for even basic stores
A dramatic shift in Enterprise Security has emerged with the acceptance of browser AI agents, an automated tool that interacts with the web on behalf of users -but these agents have now become an important blind place in cyber security defenses.
New research by Quadrate has claimed that browser AI agents fall prey to cyber attacks rather than employees – challenging the long -standing conviction that human errors is the weakest link.
Unlike staff who follow regular cyber security training, agents cannot recognize “suspicious URLs, excessive requests for consent or unusual website designs,” says the company.
A new weakest link is created in Enterprise Cyber Security
“The arrival of browser AI agents has dethroned employees as the weakest link within organizations,” said Vivek Ramacenran, CEO of Squarex.
These agents are able to simulate user behavior to perform tasks such as booking flights, planning meetings or answering E -emails – their fundamental weakness lies in their full lack of security intuition.
Their answers are fully task -driven and devoid of critical thinking that is necessary to assess the risk.
In a remarkable demonstration, Squarex used the Open Source Browser use framework to instruct an AI agent to register for a tool for sharing files.
Instead, the agent gave a malignant application access to the E -mail account of a user, despite “irrelevant permissions, unknown brands, suspicious URLs” that a person would have stopped.
In another case, an agent was misled to enter login details on a phishing site, after a routine Salesforce Login instruction.
Part of the danger stems from the way in which browser AI agents work, while working with the same privileges as the user, which means that their actions cannot be distinguished from legitimate behavior.
“Optimistic, these agents have the security consciousness of an average employee, making them vulnerable to even the most basic attacks, let alone bleed,” Squarex said.
“It is crucial that this browser -Ai agents are performed on behalf of the user, with the same privilege level to gain access to Enterprise sources.”
As soon as an agent has been compromised, attackers do not get -detected access to internal systems, with all permissions of a trusted employee.
The current harvest of security solutions, ranging from the Best end point protection at the Best ZTNA solutionDo not declare these agents sufficiently.
Even the Best Fwaas Implementations may have difficulty marking actions that seem legitimate, but come from a compromised AI.
“Until the day that browsers develop indigenous goardrails for browser AI agents, companies must include browser-native solutions such as browser detection and reaction to prevent these agents from being misled to perform malignant tasks,” the researchers notice.
However, the broader message remains urgent: AI agents not only need smart engineering but smarter supervision.
Maybe you like it too
- Advertisement -
