New Browser Security Report Reveals Emerging Threats for Enterprises - The Hacker News

New Browser Security Report Reveals Emerging Threats for Enterprises The Hacker NewsNov 10, 2025Browser Security / Enterprise Security According to the new Browser Security Report 2025, security leaders are discovering that most identity, SaaS, and AI-related risks converge in a single place, the user’s browser. Yet traditional controls like DLP, EDR, and SSE still operate one layer too low. What’s emerging isn’t just a blindspot. It’s a parallel threat surface: unmanaged extensions acting like supply chain implants, GenAI tools accessed through personal accounts, sensitive data copy/pasted directly into prompt fields, and sessions that bypass SSO altogether. This article unpacks the key findings from the report and what they reveal about the shifting locus of control in enterprise security. GenAI Is Now the Top Data Exfiltration Channel The rise of GenAI in enterprise workflows has created a massive governance gap. Nearly half of employees use GenAI tools, but most do so through unmanaged accounts, outside of IT visibility. Key stats from the report: 77% of employees paste data into GenAI prompts 82% of those pastes come from personal accounts 40% of uploaded files contain PII or PCI GenAI accounts for 32% of all corporate-to-personal data movement Legacy DLP tools weren’t designed for this. The browser has become the dominant channel for copy/paste exfiltration, unmonitored and policy-free. AI Browsers Are An Emerging Threat Surface Another emerging browser-based threat surface is ‘agentic’ AI browsers, which blend the traditional security risks of browsers with the new concerns over AI usage. AI browsers like OpenAI’s Atlas, Arc Search, and Perplexity Browser are redefining how users interact with the web, merging search, chat, and browsing into a single intelligent experience. These browsers integrate large language models directly into the browsing layer, enabling them to read, summarize, and reason over any page or tab in real time. For users, this means seamless productivity and contextual assistance. But for enterprises, it represents a new and largely unmonitored attack surface: an “always-on co-pilot” that quietly sees and processes everything an employee can, without policy enforcement or visibility into what’s being shared with the cloud. The risks are significant and multifaceted: session memory leakage exposes sensitive data through AI-powered personalization; invisible “auto-prompting” sends page content to third-party models; and shared cookies blur identity boundaries, enabling potential hijacks. With no enterprise-grade guardrails, these AI browsers effectively bypass traditional DLP, SSE, and browser security tools, creating a file-less, invisible path for data exfiltration. As organizations embrace GenAI and SaaS-driven workflows, understanding and addressing this emerging blind spot is critical to preventing the next generation of data leaks and identity compromises. Browser Extensions: The Most Widespread and Least Governed Supply Chain 99% of enterprise users have at least one extension installed. Over half grant high or critical permissions. Many are either sideloaded or published by Gmail accounts, with no verification, updates, or accountability. From the telemetry: 26% of extensions are sideloaded 54% are published by Gmail accounts 51% haven’t been updated in over a year 6% of GenAI-related extensions are classified as malicious This isn’t about productivity anymore, it’s an unmanaged software supply chain embedded in every endpoint. Identity Governance Ends at the IdP. Risk Starts in the Browser. The report finds that over two-thirds of logins happen outside of SSO, and nearly half use personal credentials, making it impossible for security teams to know who is accessing what, or from where. Breakdown: 68% of corporate logins are done without SSO 43% of SaaS logins use personal accounts 26% of users reuse passwords across multiple accounts 8% of browser extensions access users’ identities or cookies Attacks like Scattered Spider proved this: browser session tokens, not passwords, are now the primary target. SaaS and Messaging Apps Are Quietly Exfiltrating Sensitive Data Workflows that once relied on file uploads have shifted toward browser-based pasting, AI prompting, and third-party plugins. Most of this activity now occurs in the browser layer, not the app. Observed behaviors: 62% of pastes into messaging apps include PII/PCI 87% of that happens via non-corporate accounts On average, users paste 4 sensitive snippets per day into non-corporate tools In incidents like the Rippling/Deel leak, the breach didn’t involve malware or phishing, it came from unmonitored chat apps inside the browser. Traditional Tools Weren’t Built for This Layer EDR sees processes. SSE sees network traffic. DLP scans files. None of them inspect what’s happening inside the session, like which SaaS tab is open, what data is being pasted, or which extension is injecting scripts. Security teams are blind to: Shadow AI usage and prompt inputs Extension activity and code changes Personal vs. corporate account crossovers Session hijacking and cookie theft That’s why securing the browser requires a new approach. Session-Native Controls Are the Next Frontier To regain control, security teams need browser-native visibility, capabilities that operate at the session level without disrupting user experience. What this includes: Monitoring copy/paste and uploads across apps Detecting unmanaged GenAI tools and extensions Enforcing session isolation and SSO everywhere Applying DLP to non-file-based interactions A modern browser security platform, like the one outlined in the full report, can provide these controls without forcing users onto a new browser. Read the Full Report to See the Blindspots You’re Missing The Browser Security Report 2025 offers a data-rich view into how the browser has quietly become the most critical and vulnerable endpoint in the enterprise. With insights from millions of real browser sessions, it maps where today’s controls fail and where modern breaches begin. Download the full report to see what traditional controls are missing, and what top CISOs are doing next. Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  artificial intelligence, Browser extensions, browser security, Cloud security, cybersecurity, data breach, Data Loss Prevention, enterprise security, Identity Management, SaaS Trending News APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel ⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack and Vibe-Coded Malware Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine and More Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues Load More ▼ Popular Resources Identity Controls Checklist: Find Missing Protections in Apps Read CYBER360 2026: From Zero Trust Limits to Data-Centric Security Paths Self-Hosted WAF: Block SQLi, XSS, and Bots Before They Reach Your Apps 19,053 Confirmed Breaches in 2025 – Key Trends and Predictions for 2026