NEW YORK – A new warning has just been issued for Chrome and Edge users, as the feared tidal wave of AI attacks takes on an alarming new dimension. It turns out that the latest buzz around agentic AI might be a security nightmare suddenly come true. As ever with AI, the unintended consequences of new developments hit hard and fast.
The warning comes courtesy of SquareX. “Every security practitioner knows that employees are the weakest link in an organization,” it says. “But what if this is no longer the case?” It turns out that the browser agents now used by 79% of organizations might be doing more than saving time and money — they might be putting everyone at risk.
Google already warns Chrome users to enable Safe Browsing. “Each time that you visit a website or attempt a download,” it says, “Chrome checks with Safe Browsing based on the protection level that you’ve selected.”
SquareX’s Vivek Ramachandran told me “enterprise versions of consumer browsers like Chrome Enterprise and Edge for Business typically focus on browser hardening — enabling and disabling certain browser features like browser extensions.”
And while “some have the capability to create a whitelist/blacklist of sites to restrict the sites users can visit,” which in effect helps “prevent Browser AI Agents from falling prey to some attacks,” this would not help with “attacks that leverage legitimate functionalities within the browser, such as OAuth attacks.”
Ramachandran says “attackers realize this nuance, which is why we are seeing more attacks that exploit the architectural limitation of browsers and cannot be solved through browser hardening or even proxy-layer solutions (e.g. SASE/SSEs).”
