Employees, long considered the weakest link in an organization, have been replaced by AI agents, according to secure browser extension provider SquareX.

Browser AI Agents are software applications that act on behalf of users to access and interact with web content.

Users can instruct agents to automate browser-based tasks such as booking flights, scheduling meetings, sending emails, and simple research tasks.

The productivity gains that Browser AI Agents provide make them an extremely compelling tool for employees and organizations. A survey from PWC found that 79 percent of organizations have already adopted browser agents today.

These agents can expose organizations to a massive security risk, according to SquareX.

The agents are trained to complete the tasks they are instructed to do, with little to no understanding of the security implications of their actions.

Unlike human employees, Browser AI Agents are not subject to regular security awareness training. They cannot recognize visual warning signs like suspicious URLs, excessive permission requests, or unusual website designs that typically alert employees of a malicious site. As a result, Browser AI Agents are more likely to fall prey to browser-based attacks than a regular employee.

The overhead required to extensively write the security risk of every task performed by the agent in every prompt would probably outweigh the productivity gains. Moreover, employees using Browser AI Agents are unlikely to have the security expertise to write such a prompt in the first place.

With the popular open-source Browser Use framework used by thousands of organizations, SquareX demonstrated how the Browser AI Agent, instructed to find and register for a file-sharing tool, succumbed to an OAuth attack.

In the process of completing its task, it granted a malicious app complete access to the user’s email despite multiple suspicious signals — irrelevant permissions, unfamiliar brands, suspicious URLs — that likely would have stopped most employees from granting these permissions.

In other scenarios, these agents might expose the user’s credit card information to a phishing site while trying to purchase groceries or disclose sensitive data when responding to emails from an impersonation attack.

Neither browsers nor traditional security tools differentiate between actions performed by users versus agents. Enterprises working with Browser AI Agents should provide browser-native guardrails that will prevent agents and employees from falling prey to these attacks.

“The arrival of Browser AI Agents have dethroned employees as the weakest link within organizations. Optimistically, these agents have the security awareness of an average employee, making them vulnerable to even the most basic attacks, let alone bleeding-edge ones,” warned Vivek Ramachandran, founder & CEO of SquareX. “Critically, these Browser AI Agents are running on behalf of the user, with the same privilege level to access enterprise resources. Until browsers develop native guardrails for Browser AI Agents, enterprises must incorporate browser-native solutions like Browser Detection and Response to prevent these agents from being tricked into performing malicious tasks. Eventually, the new generation of identity and access management tools will also have to take into account Browser AI Agent identities to implement granular access controls on agentic workflows.”