A new report highlights a critical shift in the landscape of enterprise cybersecurity, positing that the user’s browser has become a convergence point for significant identity, SaaS, and AI-related risks, often evading the purview of traditional security measures.
The “Browser Security Report 2025,” drawing insights from millions of browser sessions, contends that customary controls such as Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), and Security Service Edge (SSE) operate a layer too low to address these emerging threats. What has emerged, the report suggests, is a parallel threat surface encompassing unmanaged extensions, personal GenAI tool usage, and compromised identity sessions.
The proliferation of generative AI tools within corporate workflows has inadvertently created a substantial governance void. Nearly half of all employees now engage with GenAI, often through unmanaged personal accounts, rendering their activities invisible to IT oversight. The report indicates that 77% of employees paste data into GenAI prompts, with 82% of these instances occurring via personal accounts. Crucially, 40% of uploaded files contained personally identifiable information (PII) or payment card industry (PCI) data, making GenAI responsible for 32% of all corporate-to-personal data transfers, a domain where legacy DLP tools prove ineffective.
Beyond traditional GenAI usage, a new class of “agentic” AI browsers, including platforms like OpenAI’s Atlas, Arc Search, and Perplexity Browser, presents another evolving threat. These browsers integrate large language models directly into the browsing experience, enabling them to process and summarize web content in real-time. While enhancing user productivity, they introduce risks such as session memory leakage, “auto-prompting” that sends page content to third-party models, and shared cookies that can blur identity boundaries, effectively bypassing established security tools.
Browser extensions represent a pervasive yet largely ungoverned software supply chain within enterprises. The report found that 99% of enterprise users have at least one extension installed, with over half granting high or critical permissions. A significant portion (26%) of these extensions are sideloaded, and 54% are published through personal Gmail accounts, often lacking verification or timely updates. This landscape permits a stealthy pathway for potential supply chain implants.
The report also exposes critical gaps in identity governance, noting that over two-thirds (68%) of corporate logins occur outside of Single Sign-On (SSO) systems, and 43% utilize personal credentials. This makes it challenging for security teams to track who accesses what and from where, positioning browser session tokens, rather than passwords, as a primary target for sophisticated attacks, as demonstrated by groups like Scattered Spider.
Modern workflows have increasingly shifted away from file uploads towards browser-based pasting and AI prompting within SaaS and messaging applications. The report highlights that 62% of pastes into messaging apps contain PII/PCI, with 87% of this activity occurring through non-corporate accounts. Incidents like the Rippling/Deel leak underscore how unmonitored chat applications within the browser can serve as vectors for data breaches, overlooked by tools designed to inspect processes, network traffic, or files.
To address these blind spots, the report advocates for a new generation of “session-native controls.” These capabilities offer browser-native visibility, operating at the session level to monitor copy/paste and upload activities, detect unmanaged GenAI tools and extensions, enforce session isolation, and apply DLP to non-file-based interactions. Such a modern browser security platform aims to provide these protections without necessitating a change in the user’s browser.
The “Browser Security Report 2025” serves as a stark reminder that the modern enterprise browser, once a simple access point, has evolved into a complex and often unguarded frontier in the battle against cyber threats. Understanding and implementing these session-level controls is becoming imperative for chief information security officers seeking to fortify their defenses against the next wave of data leaks and identity compromises.