- Report warnings hackers utilizing browser agents who don’t know how to see fake URLs
- A browser AI -Agent gave full Google Drive access to a malicious app without hesitation
- Squarex says AI agents are more vulnerable than humans to even basic cyberattacks
A dramatic shift in corporate security has arisen with the adoption of browser AI agents, an automated tool that interacts with the Internet on behalf of users – but these agents have now become an important blind spot in cyber security defense.
New research from Squarex has claimed that browser AI agents are more likely to fall prey for cyberattacks than employees – challenging the many years of belief that human error is the weakest link.
Unlike staff undergoing regular cyber security training, agents cannot recognize “suspicious URLs, excessive permit requests or unusual site design,” the company said.
A new weakest link appears in the company’s cyber security
“The arrival of browser -Ai agents has deterred employees as the weakest link in organizations,” said Vivek Ramachandran, CEO of Squarex.
These agents are able to emulate user behavior to perform tasks such as booking flights, planning meetings or respond to e emails – but their basic weakness lies in their complete lack of security intuition.
Their answers are completely task -driven and devoid of the critical thinking needed to assess the risk.
In a remarkable demonstration, Squarex open source browser used utility frames to instruct an AI agent to register for a file sharing tool.
The agent instead assigned a malicious application access to a user’s e -mail account despite “irrelevant permissions, unknown brands, suspicious URLs” that would have stopped a human being.
In another case, an agent was tricked into entering login -credentials at a phishing place after a routine Salesforce login instruction.
Part of the danger stems from the way browser -Ai agents work when driving with the same privileges as the user, making their actions that cannot be distinguished from legitimate behavior.
“Optimistically, these agents have the security awareness of an average employee, making them vulnerable to even the most basic attacks, so much less bleeding edge,” Squarex said.
“Critically, these browser AI agents run on the user’s behalf with the same privilege level to access business resources.”
When an agent is compromised, attackers get undetected access to internal systems with all permissions from a trusted employee.
The current crop of security solutions ranging from the best end point protection to the best ZTNA solution is not sufficient for these agents.
Even the best FWAA’s implementations can struggle to mark actions that seem legitimate but stem from a compromised AI.
“Until the day browsers develop native railing for browser-IA agents, companies must incorporate browser-native solutions such as browser detection and response to prevent these agents from being tricked into performing malicious tasks,” the researchers note.
However, the wider message remains urgent: AI agents need not only Smart Engineering, but smarter supervision.
