SquareX Research Reveals Browser AI Agents Are Now ‘Weakest Link’ When It Comes to Cybersecurity

Congratulations, humans! You are no longer the weakest link in cybersecurity, according to Square X research.

SquareX’s research reveals that Browser AI Agents are more likely to fall prey to cyberattacks than employees, making them the new weakest link that enterprise security teams need to look out for.

Browser AI Agents are software applications that act on behalf of users to access and interact with web content. Users can instruct these agents to automate browser-based tasks such as flight bookings, scheduling meetings, sending emails, and even simple research tasks. The productivity gains that Browser AI Agents provide make them an extremely compelling tool for employees and organisations alike. Indeed, a survey from PWC found that 79% of organisations have already adopted browser agents today.

Yet, Browser AI Agents expose organisations to a massive security risk. These agents are trained to complete the tasks they are instructed to do, with little to no understanding of the security implications of their actions. Unlike human employees, Browser AI Agents are not subject to regular security awareness training. They cannot recognise visual warning signs like suspicious URLs, excessive permission requests, or unusual website designs that typically alert employees of a malicious site.

Consequently, Browser AI Agents, according to SquareX, are more likely to fall prey to browser-based attacks than even a regular employee. Even if it is possible for users to add these guardrails, the overhead required to extensively write the security risk of every task performed by the agent in every prompt would probably outweigh the productivity gains. More importantly, employees using Browser AI Agents are unlikely to have enough security expertise to be able to write such a prompt in the first place.

SquareX Demonstrates Browser AI Agents’ Flaws

With the popular open-source Browser Use framework used by thousands of organisations, SquareX demonstrated how the Browser AI Agent, instructed to find and register for a file-sharing tool, succumbed to an OAuth attack. In the process of completing its task, it granted a malicious app complete access to the user’s email despite multiple suspicious signals—irrelevant permissions, unfamiliar brands, suspicious URLs—that likely would have stopped most employees from granting these permissions. In other scenarios, these agents might expose the user’s credit card information to a phishing site while trying to purchase groceries or disclose sensitive data when responding to emails from an impersonation attack.

Unfortunately, neither browsers nor traditional security tools can differentiate between actions performed by users and these agents. Thus, it is critical for enterprises working with Browser AI Agents to provide browser-native guardrails that will prevent agents and employees alike from falling prey to these attacks.

Vivek Ramachandran, Founder and CEO of SquareX, warns: “The arrival of Browser AI Agents have dethroned employees as the weakest link within organisations. Optimistically, these agents have the security awareness of an average employee, making them vulnerable to even the most basic attacks, let alone bleeding-edge ones. Critically, these Browser AI Agents are running on behalf of the user, with the same privilege level to access enterprise resources. Until the day browsers develop native guardrails for Browser AI Agents, enterprises must incorporate browser-native solutions like Browser Detection and Response to prevent these agents from being tricked into performing malicious tasks. Eventually, the new generation of identity and access management tools will also have to take into account Browser AI Agent identities to implement granular access controls on agentic workflows.”

To learn more about SquareX’s security research, visit http://sqrx.com/browser-ai-agents.

SquareX’s research team is also holding a webinar on 11 July 2025 at 10 a.m. PT/1 p.m. ET to dive deeper into the research findings. To register, users can click here.