Why are AI browser agents suddenly a major security concern?
A new warning has been issued for Chrome and Edge users, spotlighting a growing cybersecurity risk tied to the use of browser-based AI browser agents. These tools — designed to automate web tasks like form-filling, information retrieval, and app usage — are being embraced for their convenience and productivity gains. But according to cybersecurity firm SquareX, they could also become dangerous entry points for attackers.
SquareX’s report puts it bluntly: “Browser AI Agents expose organizations to a massive security risk.” These AI tools, now used by nearly 80% of companies, are operating with the same access and permissions as their human users — but without the caution or context human users bring to online activity.
How do AI agents increase the risk of browser-based attacks?
The issue isn’t just theoretical. In a series of test scenarios, SquareX showed how browser agents, when tasked with finding and signing up for a file-sharing tool, fell victim to phishing attacks, granting dangerous levels of access to malicious apps. These included:
- OAuth attacks that allowed unauthorized access to a user’s email.
- Phishing links disguised as legitimate services in poisoned search results.
- Malvertising campaigns that pushed malicious downloads through seemingly legitimate ads.
Unlike human users, AI agents lack basic security awareness. They can’t recognize red flags like odd URLs, excessive permission requests, or fake brand names. They simply do what they’re told — no questions asked.
“These agents are trained to complete the tasks they are instructed to do, with little to no understanding of the security implications of their actions,” warns SquareX.
Why Chrome and Edge users should act immediately
Because of their massive market share, Chrome and Edge users are the most exposed. While both browsers offer basic and advanced security options — like Google’s Safe Browsing and Edge’s SmartScreen — many users don’t enable them to their full extent.
Google recommends turning on Enhanced Safe Browsing, which alerts users about known and unknown threats, such as:
- Malicious sites and downloads,
- Dangerous browser extensions,
- Zero-day phishing domains that haven’t been flagged yet.
What to do now:
- Enable Enhanced Safe Browsing in Chrome:
Go to Settings > Privacy and Security > Security and select “Enhanced protection.” - Use strict security settings in Edge:
Navigate to Settings > Privacy, Search, and Services, then switch to “Strict” for tracking prevention and security checks. - Avoid granting broad access to AI tools:
Limit permissions wherever possible. Revoke app access to sensitive platforms like Gmail, Slack, or Salesforce if they’re not essential.
Consider linking to a browser settings tutorial for Chrome Enhanced Protection and Edge security settings for additional guidance.
Why traditional security training no longer applies
The usual advice — train employees to spot suspicious activity — doesn’t help much when the “employee” is an algorithm. These AI agents aren’t sentient, cautious, or skeptical. They don’t pause to question strange permission requests. And that’s exactly what attackers are counting on.
Vivek Ramachandran, SquareX’s founder, explains the core vulnerability:
“Providers have no way to create a sub-identity for Browser AI Agents running on behalf of the user where further granular controls can be applied. This allows all Browser AI Agents to run on the same privilege levels as the user.”
This creates a huge attack surface. Once an AI agent is fooled, it’s like giving a burglar your house keys and telling them where the valuables are — all without knowing it happened.
Are privacy risks growing alongside security threats?
Yes — and faster than regulators can keep up. A report from privacy watchdog Incogni warns that as AI tools become routine parts of workplace operations, they’re also increasingly leaking data in unexpected ways.
Some of the most concerning risks include:
- Unauthorized data sharing with third parties via web integrations.
- Inadvertent exposure of personal or corporate information during AI task execution.
- Shadow IT behaviors, where agents connect to unvetted services without oversight.
These issues don’t stem from malice, but from oversight — or rather, the lack of it. The AI agents are designed to help, not think. But in doing so, they operate outside the safeguards that normally protect users from phishing or fraud.
A good place for an infographic:
“Top 5 AI browser agent vulnerabilities and how to mitigate them” (e.g., phishing, OAuth misuse, malvertising, excessive permissions, third-party data exposure)
So, what’s the solution?
There’s no single fix — yet. But here are four steps both individuals and organizations can take right now:
1. Max out browser security settings
As noted earlier, enhanced protection tools already exist — but they need to be switched on. They’re not automatic.
2. Limit agent permissions
Don’t let AI agents run with full access to your Google Workspace, email, or sensitive enterprise apps. Use temporary or restricted permissions where possible.
3. Implement browser-native guardrails
Companies should look into browser isolation, zero-trust environments, and session sandboxing. These make it harder for agents — or attackers — to reach critical data.
4. Push vendors for agent-level access control
Until providers allow agents to run with limited, separate privileges (akin to child accounts), the risks will remain disproportionately high.
Browser-based AI agents — especially on Chrome and Edge — pose an urgent and underappreciated security threat. They act without discernment, opening the door to phishing, malvertising, and data leaks. Until browser vendors offer fine-grained access control for these agents, the best defense is tightening your security settings, restricting agent permissions, and staying alert to the risks of unchecked automation.
