Palo Alto, California, October ninth, 2025, CyberNewsWire
As AI Browsers quickly achieve adoption throughout enterprises, SquareX has launched crucial safety analysis exposing main vulnerabilities that would enable attackers to use AI Browsers to exfiltrate delicate knowledge, distribute malware and achieve unauthorized entry to enterprise SaaS apps.
The timing of this disclosure is especially important as main corporations together with OpenAI, Microsoft, Google and The Browser Firm have introduced or launched their very own AI browsers.
With Chrome and Edge alone representing 70% of the browser market share, it is vitally seemingly that almost all of client browsers sooner or later might be AI Browsers. Thus, it’s crucial for organizations to arrange for these safety dangers related to this elementary change.
“Similar to any AI Agent, AI Browsers are skilled to finish duties, to not be safety conscious. This makes it trivial for attackers to trick browsers like Comet into performing malicious duties, by convincing them that it’s a mandatory a part of the workflow they’re finishing,” warns Vivek Ramachandran, Founding father of SquareX, “With two main client browsers publicly saying their entry to the AI Browser race, it’s inevitable that AI Browsers would be the main approach we work together with the web sooner or later. With out the fitting browser-native answer that may implement guardrails on these AI Browsers that consider agentic identification and agentic DLP, thousands and thousands of customers might be in danger.”
Within the technical weblog, SquareX discloses just a few methods Comet was exploited, illustrating every with case research. In a single instance, in finishing a analysis activity, Comet fell prey to an OAuth assault, offering attackers with full entry to the sufferer’s e mail and Google Drive.
This allowed attackers to exfiltrate each file saved on the sufferer’s account, together with these shared by colleagues and clients.
In one other, the AI browser was finishing duties within the person’s inbox – a standard use case marketed by Comet itself – when it ended up distributing a malicious hyperlink to the sufferer’s colleague via a calendar invite.
Different examples embody tricking Comet into downloading identified malwares and emailing delicate information to attackers.
Sadly, present options like EDRs and SASE/SSE have restricted visibility into browsers. At the moment, there isn’t any solution to differentiate between actions carried out by a person or Comet, as each community requests originate from the identical browser.
Thus, it’s crucial that enterprises have a browser-native answer that may differentiate between agentic and person identities, permitting them to use differentiated guardrails on the info and actions that the AI browser can entry or carry out.
In a commentary on SquareX’s analysis, Stephen Bennett, Group CISO at Domino’s Pizza Enterprises Ltd., says “Browsers have at all times been our common gateway to the web.
AI browsers are the following logical step the place as a substitute of merely displaying data, the browser acts autonomously on our behalf. The commerce off? The place we had been as soon as firmly within the driving seat, AI browsers will push us to be passengers.”
With the growing integration of agentic AI into browsers, AI brokers could quickly dominate searching exercise over human customers.
This shift necessitates a collaboration between enterprises, browser builders, and cybersecurity corporations to create strong safety frameworks and protecting measures to stop attackers from exploiting AI Browsers.
SquareX’s findings present an important warning concerning the risks of counting on conventional options to unravel fashionable threats, and hopes to function an encouragement for an pressing industry-wide cooperation.
About SquareX
SquareX‘s browser extension turns any browser on any system into an enterprise-grade safe browser, together with AI Browsers.
SquareX’s industry-first Browser Detection and Response (BDR) answer empowers organizations to proactively defend in opposition to browser-native threats together with rogue AI brokers, Final Mile Reassembly Assaults, malicious extensions and identification assaults.
Not like devoted enterprise browsers, SquareX seamlessly integrates with customers’ present client browsers, delivering safety with out compromising person expertise.
Extra details about SquareX’s research-led innovation is out there at www.sqrx.com.
Contact
Head of PR
Junice Liew
SquareX
[email protected]
