
According to the new Browser Security Report 2025, security leaders are realizing that most identity, SaaS, and AI-related risks are concentrated in one place: the user’s browser. However, traditional controls such as DLP, EDR, and SSE still operate one layer below.
What the report reveals is more than a blind spot. It is a parallel threat surface: unmanaged extensions that behave like supply chain implants, GenAI tools accessed through personal accounts, sensitive data copied and pasted directly into prompt fields, and sessions that bypass SSO entirely.
This article identifies key findings from the report and what they reveal about the changing locus of control in enterprise security.
GenAI is now the top data extraction channel
The rise of GenAI in enterprise workflows is creating a significant governance gap. Almost half of employees use GenAI tools, but most do so outside of IT visibility and through unmanaged accounts.
Key statistics of the report:
77% of employees paste data into GenAI prompts
82% of those pastes are from personal accounts
40% of uploaded files contain PII or PCI
GenAI accounts for 32% of all business-to-personal data movements

Traditional DLP tools weren’t designed for this. Browsers are the primary channel for copy/paste exfiltration, with no oversight or policies.
AI browsers are a new threat surface
Another emerging browser-based threat surface is “agentic” AI browsers, which blend the traditional security risks of browsers with new concerns about the use of AI.
AI browsers like OpenAI’s Atlas, Arc Search, and Perplexity Browser are redefining the way users interact with the web, combining search, chat, and browsing into one intelligent experience. These browsers integrate large language models directly into the browsing layer, allowing them to read, summarize, and reason about any page or tab in real time. For users, this means seamless productivity and context-sensitive assistance. For enterprises, it represents a new attack surface that is largely unmonitored: an “always-on co-pilot” that silently observes and processes everything employees do, with no policy enforcement and no visibility into what is being shared with the cloud.
The risks are significant and multifaceted. Session memory leaks expose sensitive data through AI-powered personalization. An invisible “auto-prompt” sends the page’s content to a third-party model. Shared cookies also blur the lines of identity, opening the door to hijacking. Lacking enterprise-grade guardrails, these AI browsers effectively bypass traditional DLP, SSE, and browser security tools, creating a fileless and invisible data exfiltration path. As organizations adopt GenAI and SaaS-driven workflows, understanding and addressing this new blind spot is critical to preventing next-generation data leaks and identity compromises.

Browser extensions: the most widespread and least managed supply chain
99% of enterprise users have at least one extension installed. More than half have granted high or significant privileges. Many are sideloaded or published by Gmail accounts without verification, updates, or accountability.
From telemetry:
26% of extensions are sideloaded
54% are published by Gmail accounts
51% haven’t been updated in more than a year
6% of GenAI-related extensions are classified as malicious
This is no longer a productivity issue, but an unmanaged software supply chain embedded in every endpoint.

Identity governance ends at the IdP. The risk starts in your browser.
According to the report, more than two-thirds of logins occur outside of SSO, and nearly half use personal credentials, making it impossible for security teams to know who is accessing what and from where.
Breakdown:
68% of corporate logins are done without SSO
43% of SaaS logins use personal accounts
26% of users reuse passwords across multiple accounts
8% of browser extensions have access to users’ IDs or cookies
Intrusions by groups like Scattered Spider have proven this. Browser session tokens, rather than passwords, are now the primary target.

SaaS and messaging apps secretly extract sensitive data
Workflows that once relied on file uploads are moving to browser-based paste, AI prompts, and third-party plugins. Most of this activity now occurs in the browser layer rather than in the app.
Observed behavior:
62% of pastes to messaging apps contain PII/PCI
87% of them occur via non-corporate accounts
On average, users paste 4 sensitive snippets into non-corporate tools per day

In incidents like the Rippling/Deel leak, the breach did not involve malware or phishing; it originated from an unmonitored chat app within the browser.
Traditional tools were not built for this layer
EDR is process aware. SSE is aware of network traffic. DLP scans files. There’s nothing to inspect what’s happening within the session, such as which SaaS tabs are open, what data is pasted, or which extensions are injecting scripts.
Security teams have no visibility into:
Shadow AI usage and prompting
Extension activity and code modification
Crossover between personal and corporate accounts
Session hijacking and cookie theft
Therefore, new approaches are needed to secure browsers.
Session-native controls are the next frontier
To take back control, security teams need browser-native visibility: the ability to operate at the session level without disrupting the user experience.
This includes:
Monitor copy/paste and uploads between apps
Detect unmanaged GenAI tools and extensions
Enforce session isolation and SSO everywhere
Apply DLP to non-file-based interactions
Modern browser security platforms, such as those outlined throughout the report, can provide these controls without forcing users into a new browser.
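As an added illustration of what session-level DLP for non-file interactions looks like (example code, not from the report or any vendor platform): a paste-inspection check that classifies clipboard text for PCI/PII and blocks it when the destination origin is not a managed GenAI tool. The managed-origin allow-list, detection patterns and sample pastes are constructed for this example.

```javascript
// Added example: session-native paste inspection of the kind a browser-native
// DLP control would run before a paste lands in a prompt field.
// Hypothetical allow-list of sanctioned GenAI origins (constructed for this example).
const MANAGED_GENAI_ORIGINS = new Set(["https://chat.corp-genai.example"]);

// Luhn check so that arbitrary digit runs are not flagged as card numbers.
function luhnValid(digits) {
  let sum = 0, alt = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (alt) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    alt = !alt;
  }
  return sum % 10 === 0;
}

// Classify pasted text; returns the sorted list of sensitive-data categories found.
function classifyPaste(text) {
  const found = new Set();
  // PCI: 13-19 digit runs, optionally separated by spaces or dashes, passing Luhn.
  for (const m of text.matchAll(/\b(?:\d[ -]?){12,18}\d\b/g)) {
    if (luhnValid(m[0].replace(/[ -]/g, ""))) found.add("PCI");
  }
  // PII (constructed patterns for the example): US SSN and e-mail addresses.
  if (/\b\d{3}-\d{2}-\d{4}\b/.test(text)) found.add("PII");
  if (/[\w.+-]+@[\w-]+\.[\w.-]+/.test(text)) found.add("PII");
  return [...found].sort();
}

// Policy decision for one paste event: block sensitive data headed to an
// unmanaged origin, allow (and log) everything else. `origin` is the page
// receiving the paste.
function decidePaste(text, origin) {
  const categories = classifyPaste(text);
  const managed = MANAGED_GENAI_ORIGINS.has(origin);
  if (categories.length > 0 && !managed) {
    return { action: "block", categories, reason: "sensitive data to unmanaged origin" };
  }
  return { action: "allow", categories, reason: managed ? "managed origin" : "no sensitive data" };
}

// In a browser-extension content script the hook would be wired like this
// (browser-only; not executed when the file runs under Node):
// document.addEventListener("paste", (e) => {
//   const verdict = decidePaste(e.clipboardData.getData("text"), location.origin);
//   if (verdict.action === "block") e.preventDefault();
// }, true);
```

The same classifier can be applied to upload file names and prompt-field keystroke batches, which is where the non-file DLP gap the report describes actually sits.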
Read the full report to see what blind spots you’re missing
The Browser Security Report 2025 provides rich data on how browsers have become the most critical and vulnerable endpoints within enterprises. Using insights from millions of real browser sessions, we map where today’s controls fail and where the latest breaches begin.
Download the full report to find out what traditional management is missing and what top CISOs are doing next.
