- Report warns hackers are exploiting browser agents which don’t know how to spot fake URLs
- A Browser AI Agent gave full Google Drive access to a malicious app without hesitation
- SquareX says AI agents are more vulnerable than humans to even basic cyberattacks
A dramatic shift in enterprise security has emerged with the adoption of Browser AI Agents, an automated tool that interacts with the web on behalf of users – however these agents have now become a major blind spot in cybersecurity defenses.
New research from SquareX has claimed browser AI Agents are more likely to fall prey to cyberattacks than employees – challenging the long-standing belief that human error is the weakest link.
Unlike staff who undergo regular cybersecurity training, agents cannot recognize “suspicious URLs, excessive permission requests, or unusual website designs,” the company says.
A new weakest link emerges in enterprise cybersecurity
“The arrival of Browser AI Agents have dethroned employees as the weakest link within organizations,” said Vivek Ramachandran, CEO of SquareX.
These agents are capable of mimicking user behavior to perform tasks such as booking flights, scheduling meetings, or replying to emails – however, their fundamental weakness lies in their complete lack of security intuition.
Their responses are entirely task-driven and devoid of the critical thinking needed to assess risk.
In a notable demonstration, SquareX used the open source Browser Use framework to instruct an AI agent to register for a file-sharing tool.
The agent instead granted a malicious application access to a user’s email account, despite “irrelevant permissions, unfamiliar brands, suspicious URLs” that would have stopped a human.
In another case, an agent was tricked into entering login credentials on a phishing site, following a routine Salesforce login instruction.
Part of the danger stems from the way Browser AI Agents operate, as they run with the same privileges as the user, which makes their actions indistinguishable from legitimate behavior.
“Optimistically, these agents have the security awareness of an average employee, making them vulnerable to even the most basic attacks, let alone bleeding-edge ones,” SquareX said.
“Critically, these Browser AI Agents are running on behalf of the user, with the same privilege level to access enterprise resources.”
Once an agent is compromised, attackers gain undetected access to internal systems, with all the permissions of a trusted employee.
The current crop of security solutions, ranging from the best endpoint protection to the best ZTNA solution, does not sufficiently account for these agents.
Even the best FWAAS deployments may struggle to flag actions that seem legitimate but originate from a compromised AI.
“Until the day browsers develop native guardrails for Browser AI Agents, enterprises must incorporate browser-native solutions like Browser Detection and Response to prevent these agents from being tricked into performing malicious tasks,” the researchers note.
However, the broader message remains urgent: AI agents need not only smart engineering but smarter oversight.
