New Browser Security Report Reveals Emerging Threats for Enterprises


According to the new Browser Security Report 2025, security leaders are discovering that the majority of identity, SaaS, and AI-related risks converge in a single place: the user's browser. Yet traditional controls like DLP, EDR, and SSE still operate one layer too low.

What is emerging is not just a blind spot. It is a parallel threat surface: unmanaged extensions acting like supply chain implants, GenAI tools accessed through personal accounts, sensitive data copy/pasted directly into prompt fields, and sessions that bypass SSO altogether.

This article unpacks the key findings from the report and what they reveal about the shifting locus of control in enterprise security.

GenAI Is Now the Top Data Exfiltration Channel

The rise of GenAI in enterprise workflows has created a massive governance gap. Nearly half of employees use GenAI tools, but most do so through unmanaged accounts, outside of IT visibility.

Key stats from the report:

  • 77% of employees paste data into GenAI prompts
  • 82% of those pastes come from personal accounts
  • 40% of uploaded files contain PII or PCI
  • GenAI accounts for 32% of all corporate-to-personal data movement

Legacy DLP tools weren't designed for this. The browser has become the dominant channel for copy/paste exfiltration, unmonitored and policy-free.


AI Browsers Are an Emerging Threat Surface

Another emerging browser-based threat surface is 'agentic' AI browsers, which combine the traditional security risks of browsers with new concerns over AI usage.

AI browsers like OpenAI's Atlas, Arc Search, and Perplexity Browser are redefining how users interact with the web, merging search, chat, and browsing into a single intelligent experience. These browsers integrate large language models directly into the browsing layer, enabling them to read, summarize, and reason over any page or tab in real time. For users, this means seamless productivity and contextual assistance. But for enterprises, it represents a new and largely unmonitored attack surface: an "always-on co-pilot" that quietly sees and processes everything an employee can, without policy enforcement or visibility into what is being shared with the cloud.

The risks are significant and multifaceted: session memory leakage exposes sensitive data through AI-powered personalization; invisible "auto-prompting" sends page content to third-party models; and shared cookies blur identity boundaries, enabling potential hijacks. With no enterprise-grade guardrails, these AI browsers effectively bypass traditional DLP, SSE, and browser security tools, creating a file-less, invisible path for data exfiltration. As organizations embrace GenAI and SaaS-driven workflows, understanding and addressing this emerging blind spot is essential to preventing the next generation of data leaks and identity compromises.

Browser Extensions: The Most Widespread and Least Governed Supply Chain

99% of enterprise users have at least one extension installed. Over half grant high or critical permissions. Many are either sideloaded or published by Gmail accounts, with no verification, updates, or accountability.


From the telemetry:

  • 26% of extensions are sideloaded
  • 54% are published by Gmail accounts
  • 51% have not been updated in over a year
  • 6% of GenAI-related extensions are classified as malicious

This isn't about productivity anymore; it's an unmanaged software supply chain embedded in every endpoint.

Identity Governance Ends at the IdP. Risk Begins in the Browser.

The report finds that over two-thirds of logins happen outside of SSO, and nearly half use personal credentials, making it impossible for security teams to know who is accessing what, or from where.

Breakdown:

  • 68% of corporate logins are completed without SSO
  • 43% of SaaS logins use personal accounts
  • 26% of users reuse passwords across multiple accounts
  • 8% of browser extensions access users' identities or cookies

Attacks like Scattered Spider proved this: browser session tokens, not passwords, are now the primary target.

SaaS and Messaging Apps Are Quietly Exfiltrating Sensitive Data

Workflows that once relied on file uploads have shifted toward browser-based pasting, AI prompting, and third-party plugins. Most of this activity now occurs in the browser layer, not the app.

Observed behaviors:

  • 62% of pastes into messaging apps include PII/PCI
  • 87% of that happens via non-corporate accounts
  • On average, users paste 4 sensitive snippets per day into non-corporate tools

In incidents like the Rippling/Deel leak, the breach didn't involve malware or phishing; it came from unmonitored chat apps inside the browser.

Traditional Tools Weren't Built for This Layer

EDR sees processes. SSE sees network traffic. DLP scans files. None of them inspect what is happening inside the session, like which SaaS tab is open, what data is being pasted, or which extension is injecting scripts.


Security teams are blind to:

  • Shadow AI usage and prompt inputs
  • Extension activity and code changes
  • Personal vs. corporate account crossovers
  • Session hijacking and cookie theft

That is why securing the browser requires a new approach.

Session-Native Controls Are the Next Frontier

To regain control, security teams need browser-native visibility: capabilities that operate at the session level without disrupting user experience.

What this includes:

  • Monitoring copy/paste and uploads across apps
  • Detecting unmanaged GenAI tools and extensions
  • Enforcing session isolation and SSO everywhere
  • Applying DLP to non-file-based interactions

A modern browser security platform, like the one outlined in the full report, can provide these controls without forcing users onto a new browser.
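As an added illustration (not code from the report or any vendor), here is what the copy/paste DLP control from the list above could look like in a browser content script: a paste-event guard that classifies pasted text for PCI/PII and blocks it on unmanaged GenAI hosts. The host list, the policy and the sample inputs are constructed placeholders.

```javascript
// Added example (not code from the report or any vendor): a browser-side
// paste guard of the kind a session-native DLP control would run.
// The GenAI host list, the policy and the sample pastes are constructed.

// Hypothetical placeholder hosts for GenAI tools reached via personal accounts.
const UNMANAGED_GENAI_HOSTS = new Set(["genai.example", "chat.example"]);

// Luhn check so that arbitrary 13-19 digit strings are not flagged as cards.
function luhnValid(digits) {
  let sum = 0, dbl = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = Number(digits[i]);
    if (dbl) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    dbl = !dbl;
  }
  return digits.length >= 13 && sum % 10 === 0;
}

// Returns the sensitive-data categories found in a pasted string.
function classifyPaste(text) {
  const findings = new Set();
  for (const m of text.match(/\b(?:\d[ -]?){13,19}\b/g) || []) {
    if (luhnValid(m.replace(/[ -]/g, ""))) findings.add("PCI:card-number");
  }
  if (/\b\d{3}-\d{2}-\d{4}\b/.test(text)) findings.add("PII:ssn");
  if (/\b[\w.+-]+@[\w-]+\.[\w.-]+\b/.test(text)) findings.add("PII:email");
  return [...findings];
}

// Policy for a paste into a page on `host`: block card numbers anywhere,
// block any sensitive category on an unmanaged GenAI host, otherwise allow.
// Every decision is returned as a record suitable for forwarding to a SIEM.
function decidePaste(host, text) {
  const findings = classifyPaste(text);
  const unmanaged = UNMANAGED_GENAI_HOSTS.has(host);
  const block = findings.includes("PCI:card-number") ||
                (unmanaged && findings.length > 0);
  return { host, unmanaged, findings, action: block ? "block" : "allow" };
}

// Wiring for a real page, e.g. from an enterprise extension's content script.
function installPasteGuard(doc, host) {
  doc.addEventListener("paste", (ev) => {
    const decision = decidePaste(host, ev.clipboardData.getData("text/plain"));
    if (decision.action === "block") ev.preventDefault();
    console.log(JSON.stringify(decision));
  });
}

if (typeof document !== "undefined") installPasteGuard(document, location.hostname);
```

The Luhn step matters: without it, every 16-digit ticket or order number would be logged as a card number and the control would be tuned out by users and analysts alike.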

Read the Full Report to See the Blind Spots You're Missing

The Browser Security Report 2025 offers a data-rich view into how the browser has quietly become the most critical and vulnerable endpoint in the enterprise. With insights from millions of real browser sessions, it maps where today's controls fail and where modern breaches begin.

Download the full report to see what traditional controls are missing, and what top CISOs are doing next.
