AI-Powered Browser Agents Pose Major Security Risks, Experts Warn

A recent cybersecurity warning highlights significant risks associated with AI-powered browser agents, especially for users of Chrome and Microsoft Edge. According to cybersecurity firm SquareX, the widespread adoption of agentic AI—AI tools capable of autonomously performing tasks—may pose an escalating threat to enterprise security.

Browser AI agents are now used by approximately 79% of organizations, mainly to boost productivity by automating tasks. However, unlike human users, these agents lack the ability to recognize malicious websites, suspicious URLs, excessive permission requests, or any other red flags that would typically alert an employee to a phishing attempt or other threat. As a result, attackers are now targeting these agents with browser-based attacks that traditional security measures may not prevent.

SquareX’s Vivek Ramachandran emphasizes that current browser protections, such as site whitelisting, blacklisting, and browser hardening features in enterprise versions of Chrome and Edge, are insufficient. Attacks can exploit legitimate browser functions, like OAuth authentication flows, making it nearly impossible to block them through conventional means like proxy filtering or browser settings alone.

Search results for “Salesforce” displaying a phishing site as the top link, caused by a malvertising campaign. (Image: SquareX)

A particularly alarming vulnerability arises from the fact that browser AI agents operate with the same privileges and authentication credentials as human users. In one proof-of-concept attack, a browser agent was tricked into granting access to a malicious app, despite clear warning signs. Because browsers cannot distinguish between user actions and AI-driven workflows, the potential for unauthorized access to sensitive information—emails, passwords, credit card details, and enterprise applications—is dangerously high.

Google recommends enabling Chrome’s “Enhanced Protection” mode, which provides warnings about potentially harmful websites and downloads, including emerging threats not previously identified. While this offers some defense, SquareX argues it is not enough. The firm calls for browser-native security controls, similar to Endpoint Detection and Response (EDR) systems, to govern AI agent behavior.

Ramachandran notes a growing need to rethink browser security as these AI tools become more capable and embedded in daily workflows. According to Gartner, by 2028, at least 15% of routine online tasks will be carried out by browser AI agents.

SquareX warns that without adequate safeguards, these tools could quickly become a major vulnerability in enterprise environments, as attackers are already designing malicious sites specifically to exploit their weaknesses.

Filed in Computers >Robots >Web. Read more about AI (Artificial Intelligence) and Cybersecurity.