How Can We Secure the Browser for Humans and AI Agents?

How Can We Secure the Browser for Humans and AI Agents?

Rupert Marais has spent his career on the front lines of endpoint and device security, witnessing firsthand the shift from simple virus protection to the complex management of modern network ecosystems. As an expert in cybersecurity strategies, he has a unique vantage point on how the browser has transformed from a simple window to the web into the primary “front door” for enterprise threats. Today, he shares insights from recent research into why the browser remains the most exploited surface in the workplace and how the sudden rise of AI agents is creating a new, high-speed frontier for cyberattacks.

We dive into the evolving landscape of digital threats, exploring the staggering rise in phishing and the failure of legacy security tools. Rupert explains the necessity of a new framework for governing AI behavior and provides a roadmap for organizations to move beyond reactive security measures.

With roughly 98% of cyberattacks originating from general internet usage, why does the browser continue to be the most exploited surface in the enterprise despite our best efforts to secure it?

It is a sobering reality that the tool we use for nearly every business task is also our greatest liability. The research behind the State of Browser Security Report confirms that the browser is the single most exploited surface because it is where human vulnerability meets technical complexity. We see a consistent story in the field where attackers leverage the openness of the internet to bypass legacy solutions that were never designed for this level of sophistication. It feels like a high-stakes game of cat and mouse, where the attackers are currently holding the edge by exploiting the very interface that connects us to the world.

Browser-based phishing has climbed over 140% year on year, which is a staggering increase. How are these modern phishing campaigns evolving to bypass traditional security filters?

That 140% jump is a clear sign that the old playbooks for detection are effectively obsolete in the face of AI-enhanced, evasive attacks. These modern threats are no longer just clunky emails; they are dynamic, highly convincing environments designed to trick the user’s perception and bypass traditional “detect-and-respond” tools. It is the digital equivalent of a professional sleight-of-hand trick, where the malicious payload is delivered before the security system even realizes a door has been opened. We are finding that many organizations are most exposed precisely where they rely on outdated legacy tooling that cannot keep up with these rapid shifts.

We are entering a new era where AI agents are browsing the internet on behalf of organizations. What specific risks do these “machine visitors” introduce to the network?

Introducing AI agents to the web is like opening your front door and letting in a guest who can move at a million miles an hour without understanding the house rules. These agents create entirely new pathways for prompt-injection attacks and data exfiltration that most security strategies haven’t even begun to account for. Because they execute tasks at machine speed, a breach that might take a human minutes to trigger can happen in a heartbeat, leaving security teams in the dust. It creates a sensory overload for traditional monitoring systems that were never built to track non-human behavior in a live browser environment.

How can organizations begin to build a framework for governing AI agent behavior and assigning accountability before a major incident occurs?

Governance has to start with a clear definition of what these agents are permitted to execute and which parts of the internet they are allowed to touch. You have to assign accountability early, deciding who is responsible for the “decisions” a machine makes when it encounters a prompt-injection risk or a suspicious data request. It’s about building a framework that treats AI agents with the same level of scrutiny as a high-level administrator, ensuring there are guardrails in place before something goes wrong. Without this structure, you are essentially handing over the keys to your kingdom to a piece of software that doesn’t feel the weight of its own mistakes.

Based on the findings from Infosecurity Europe 2026, where are legacy tools and replacement browsers failing most significantly in the face of these emerging threats?

The feedback from live workshop sessions on the floor at Infosecurity Europe shows a massive gap between what legacy tools can see and what is actually hitting the browser. These older systems rely on signatures and known bad behaviors, but modern threats are too evasive and change far too rapidly for those static lists to be effective. We are seeing that replacement browsers often fail because they don’t provide the deep, isolation-based security required to neutralize an attack before it reaches the endpoint. Organizations are finding themselves exposed because they are trying to solve 2026-level problems with tools designed for a much simpler era of the internet.

Do you have any advice for our readers?

My primary advice is to stop viewing the browser as just another application and start treating it as the primary operating system of your entire business. You need to look beyond the “detect-and-respond” mentality because, with browser-based phishing up 140%, the odds of a successful breach are eventually going to catch up with you. Focus on implementing a zero-trust approach at the browser level that can handle both human errors and the rapid-fire execution of AI agents. If you can effectively control and isolate that “front door,” you have already won the most critical battle against the 98% of attacks coming your way.

Subscribe to our weekly news digest.

Join now and become a part of our fast-growing community.

Invalid Email Address
Thanks for Subscribing!
We'll be sending you our best soon!
Something went wrong, please try again later