In accordance with the brand new Browser Safety Report 2025, security leaders are discovering that the majority identification, SaaS, and AI-related dangers converge in a single place, the consumer’s browser. But conventional controls like DLP, EDR, and SSE nonetheless function one layer too low.
What’s rising is not only a blindspot. It is a parallel menace floor: unmanaged extensions appearing like provide chain implants, GenAI instruments accessed by way of private accounts, delicate information copy/pasted immediately into immediate fields, and periods that bypass SSO altogether.
This text unpacks the important thing findings from the report and what they reveal in regards to the shifting locus of management in enterprise security.
GenAI Is Now the Prime Data Exfiltration Channel
The rise of GenAI in enterprise workflows has created an enormous governance hole. Practically half of staff use GenAI instruments, however most accomplish that by way of unmanaged accounts, outdoors of IT visibility.
Key stats from the report:
- 77% of staff paste information into GenAI prompts
- 82% of these pastes come from private accounts
- 40% of uploaded recordsdata comprise PII or PCI
- GenAI accounts for 32% of all corporate-to-personal information motion
Legacy DLP instruments weren’t designed for this. The browser has develop into the dominant channel for copy/paste exfiltration, unmonitored and policy-free.
AI Browsers Are An Rising Menace Floor
One other rising browser-based menace floor is ‘agentic’ AI browsers, which mix the standard security dangers of browsers with the brand new considerations over AI utilization.
AI browsers like OpenAI’s Atlas, Arc Search, and Perplexity Browser are redefining how customers work together with the online, merging search, chat, and searching right into a single clever expertise. These browsers combine massive language fashions immediately into the searching layer, enabling them to learn, summarize, and motive over any web page or tab in actual time. For customers, this implies seamless productiveness and contextual help. However for enterprises, it represents a brand new and largely unmonitored assault floor: an “always-on co-pilot” that quietly sees and processes all the things an worker can, with out coverage enforcement or visibility into what’s being shared with the cloud.
The dangers are vital and multifaceted: session reminiscence leakage exposes delicate information by way of AI-powered personalization; invisible “auto-prompting” sends web page content material to third-party fashions; and shared cookies blur identification boundaries, enabling potential hijacks. With no enterprise-grade guardrails, these AI browsers successfully bypass conventional DLP, SSE, and browser security instruments, making a file-less, invisible path for information exfiltration. As organizations embrace GenAI and SaaS-driven workflows, understanding and addressing this rising blind spot is vital to stopping the following era of knowledge leaks and identification compromises.
Browser Extensions: The Most Widespread and Least Ruled Provide Chain
99% of enterprise customers have at the very least one extension put in. Over half grant excessive or vital permissions. Many are both sideloaded or printed by Gmail accounts, with no verification, updates, or accountability.
From the telemetry:
- 26% of extensions are sideloaded
- 54% are printed by Gmail accounts
- 51% have not been up to date in over a 12 months
- 6% of GenAI-related extensions are categorised as malicious
This is not about productiveness anymore, it is an unmanaged software program provide chain embedded in each endpoint.
Id Governance Ends on the IdP. Threat Begins within the Browser.
The report finds that over two-thirds of logins occur outdoors of SSO, and practically half use private credentials, making it unimaginable for security groups to know who’s accessing what, or from the place.
Breakdown:
- 68% of company logins are accomplished with out SSO
- 43% of SaaS logins use private accounts
- 26% of customers reuse passwords throughout a number of accounts
- 8% of browser extensions entry customers’ identities or cookies
Attacks like Scattered Spider proved this: browser session tokens, not passwords, are actually the first goal.
SaaS and Messaging Apps Are Quietly Exfiltrating Delicate Data
Workflows that when relied on file uploads have shifted towards browser-based pasting, AI prompting, and third-party plugins. Most of this exercise now happens within the browser layer, not the app.
Noticed behaviors:
- 62% of pastes into messaging apps embody PII/PCI
- 87% of that occurs by way of non-corporate accounts
- On common, customers paste 4 delicate snippets per day into non-corporate instruments
In incidents just like the Rippling/Deel leak, the breach did not contain malware or phishing, it got here from unmonitored chat apps contained in the browser.
Conventional Instruments Weren’t Constructed for This Layer
EDR sees processes. SSE sees community site visitors. DLP scans recordsdata. None of them examine what’s taking place inside the session, like which SaaS tab is open, what information is being pasted, or which extension is injecting scripts.
Safety groups are blind to:
- Shadow AI utilization and immediate inputs
- Extension exercise and code adjustments
- Private vs. company account crossovers
- Session hijacking and cookie theft
That is why securing the browser requires a brand new strategy.
Session-Native Controls Are the Subsequent Frontier
To regain management, security groups want browser-native visibility, capabilities that function on the session degree with out disrupting consumer expertise.
What this consists of:
- Monitoring copy/paste and uploads throughout apps
- Detecting unmanaged GenAI instruments and extensions
- Implementing session isolation and SSO in all places
- Making use of DLP to non-file-based interactions
A contemporary browser security platform, just like the one outlined within the full report, can present these controls with out forcing customers onto a brand new browser.
Learn the Full Report back to See the Blindspots You are Lacking
The Browser Safety Report 2025 presents a data-rich view into how the browser has quietly develop into essentially the most vital and weak endpoint within the enterprise. With insights from tens of millions of actual browser periods, it maps the place in the present day’s controls fail and the place fashionable breaches start.
Obtain the complete report back to see what conventional controls are lacking, and what high CISOs are doing subsequent.
