Five major concerns about employees using browsers

9 Min Read

As SaaS and cloud-native technologies reshape businesses, the web browser has emerged as the new endpoint. However, unlike endpoints, browsers remain largely unmonitored despite being responsible for more than 70% of the latest malware attacks.

Keep Aware's recent browser security report highlights the major concerns security leaders face as employees do most of their work in web browsers. The reality is that traditional security tools don't know what happens in the browser, and attackers know that.

Important findings:

  • 70% of phishing campaigns abuse users' trust by impersonating Microsoft, OneDrive, or Office 365.
  • Over 150 trusted platforms, such as Google Docs and Dropbox, are being abused to host phishing and exfiltrate data.
  • 10% of AI prompts include sensitive business content, posing risk across thousands of browser-based AI tools.
  • 34% of file uploads on company devices go to personal accounts, often undetected.

New attack patterns bypass traditional defenses

From real-time morphing phishing kits to JavaScript-based credential theft, attackers are bypassing firewalls, SWGs, and even EDRs. Here’s how:

Malware reassembly in your browser

Threats are delivered as fragments that are only active when assembled within a browser, making them invisible to network or endpoint tools.

Multi-step phishing

Phishing pages dynamically serve different content depending on who is viewing them: users see the scam, scanners see nothing. Microsoft remains the most spoofed target.

Living off trusted platforms

Attackers hide behind URLs on reputable SaaS platforms. Security tools allow these by default, giving the adversary a clear path in.

The security stack must evolve to detect, analyze, and respond to threats where they actually occur: in the browser. Relying solely on perimeter-based defenses such as SWGs and network security tools is no longer sufficient.

AI: The next great (unmonitored) security risk

With 75% of employees using generative AI, most companies don't realize what data is being pasted into models like ChatGPT, or what third-party browser extensions are doing in the background. Unlike traditional apps, AI tools do not have a defined security perimeter.

IT and security teams often respond to AI adoption reactively rather than managing it proactively. Traditional policy-based approaches struggle with AI adoption:

  • AI applications are being created rapidly, rendering static allow/deny lists ineffective.
  • Employees often switch between personal and business use of AI, making enforcement even more ambiguous.
  • Many AI models are embedded within other platforms, making detection and control even more difficult.

The result is inconsistent governance: security teams face the challenge of defining and enforcing policies in an environment that has no clear usage boundaries.

With AI regulations becoming more stringent, visibility and control over AI adoption is essential and no longer optional. Organizations should track usage, detect risks and flag sensitive data exposures before compliance pressures increase. Proactive monitoring today will lay the foundation for AI governance tomorrow.

DLP can’t keep up with browsers

Legacy data loss prevention (DLP) systems were designed for email and endpoints, not for today's browser-heavy workflows. While browsers have become the main channel of data movement, traditional DLP solutions can only see where network traffic is sent, rather than the actual destination application that processes the data.

Modern data exfiltration risks include:

  • Pasting API keys into browser-based tools
  • Uploading documents to a personal Google Drive
  • Copying customer data into an AI assistant

Even well-intentioned employees can unintentionally leak IP when switching between work and personal accounts. Legacy tools cannot detect it.

With more data than ever moving through the browser, DLP needs to evolve to recognize application context, user actions, and business intent. A unified browser-based DLP model allows security teams to enforce consistent data protection policies across all destinations, while controlling high-risk actions.

The extension problem no one is watching

Despite minimal technological advancements over the years, browser extensions have unprecedented access to sensitive organizational data and user identity. While security teams strictly control software updates, patches, and endpoint security policies, extensions remain an attack surface that is often overlooked by traditional security frameworks. During a survey of user data, the Keep Aware team discovered:

  • 46% of extensions serve productivity use cases.
  • 20% fall into lifestyle categories, such as shopping and social plugins.
  • 10% are classified as high or serious risk because of excessive permissions.

Permissions that allow full-page access, session tracking, or network interception are still too common, even for extensions downloaded from trusted marketplaces.

As extensions continue to act as both a productivity tool and a security liability, businesses need to implement a stronger review process, visibility, and proactive defenses to protect their browsers from within.
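
As an added illustration of the review process described above (not code from the Keep Aware report), the following sketch triages an extension's manifest by the permissions it requests. The risk tiers, the descriptions and the sample manifests are assumptions constructed for this example; the permission names are standard Chrome manifest keys.

```javascript
// Added example: triage a browser extension manifest by the permissions it requests.
// The risk tiers are an assumption for illustration, not the report's scoring.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const RISKY_APIS = new Map([
  ["cookies", "session tracking: reads and sets site cookies"],
  ["tabs", "session tracking: sees the URL and title of every tab"],
  ["history", "session tracking: reads browsing history"],
  ["webRequest", "network interception: observes requests in flight"],
  ["webRequestBlocking", "network interception: can modify or cancel requests"],
  ["proxy", "network interception: can reroute browser traffic"],
  ["debugger", "full-page access: attaches the debugger to any tab"],
]);

function auditManifest(manifest) {
  // Manifest V2 mixes host patterns into "permissions"; V3 moves them to "host_permissions".
  const declared = [...new Set([
    ...(manifest.permissions || []),
    ...(manifest.optional_permissions || []),
    ...(manifest.host_permissions || []),
    ...(manifest.optional_host_permissions || []),
  ])];
  // Content scripts get page access through their own match patterns.
  const scriptHosts = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);
  const broad = [...new Set([...declared, ...scriptHosts])].filter((p) => BROAD_HOSTS.has(p));
  const apis = declared.filter((p) => RISKY_APIS.has(p));

  const findings = apis.map((p) => `${p} (${RISKY_APIS.get(p)})`);
  if (broad.length > 0) findings.unshift(`full-page access on all sites via ${broad.join(", ")}`);

  let risk = "low";
  if (broad.length > 0 || apis.length > 0) risk = "medium";
  if (broad.length > 0 && apis.length > 0) risk = "high"; // sensitive API usable on every site
  return { name: manifest.name || "(unnamed)", risk, findings };
}

// Constructed sample manifests (not real extensions).
const SAMPLES = [
  { name: "Coupon Finder", manifest_version: 3,
    permissions: ["storage", "cookies", "webRequest"], host_permissions: ["<all_urls>"] },
  { name: "Dark Theme", manifest_version: 3, permissions: ["storage"],
    content_scripts: [{ matches: ["*://*/*"], js: ["theme.js"] }] },
  { name: "Meeting Notes", manifest_version: 3, permissions: ["storage", "activeTab"] },
];

for (const m of SAMPLES) {
  const r = auditManifest(m);
  console.log(`${r.risk.padEnd(6)} ${r.name}: ${r.findings.join("; ") || "no risky permissions"}`);
}
```
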

Download the full report.

Shadow IT lives in the browser

Shadow IT is no longer just the occasional use of unauthorized applications; it has become a major challenge for enterprise security. Employees regularly adopt SaaS applications, personal file sharing services, and third-party AI tools without oversight, often integrating them with real business data and daily work.

Employees in different job functions interact with multiple organizational instances of the same application on a daily basis, in many cases without recognizing the security impact.

  • Marketing & Creative Team: Members of the marketing team may accidentally upload assets to a partner's Google Drive rather than the company's official instance, leading to unintended data exposure.
  • Consultants and client roles: Consultants working with multiple clients access client-specific SharePoint sites and can unknowingly create security gaps as sensitive data is shared across different organizations.
  • Professional Services and External Collaboration: In industries such as law and accounting, which rely heavily on external collaboration, employees frequently work in more than 15 different SharePoint instances, introducing major challenges in monitoring data movement.

This explosion of shadow IT creates large security gaps, especially as product-led growth platforms bypass the procurement process entirely.

Instead of classifying an application as business or consumer, security teams should assess the intent behind employee interactions, the account context in which the tool is used, and the real-time risk associated with SaaS activity. This means adopting dynamic risk assessment, context-aware access control, and continuous monitoring beyond static policies. The browser becomes the most important point of visibility, revealing logins, account switching, MFA status, consent-based access requests, and data movement across organizational boundaries.
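
The DLP section and the account-context point above both come down to one decision: the same hostname can be a corporate or a personal destination, and only the signed-in account and the content tell them apart. The sketch below is an added example (not from the Keep Aware report); the policy, the event fields, the corporate domain `example.com` and the sample events are assumptions constructed for illustration.

```javascript
// Added example: a browser-side DLP decision that uses account context and content.
// Policy, event fields and the corporate domain are assumptions for illustration.
const CORPORATE_DOMAINS = new Set(["example.com"]);
const SECRET_PATTERNS = [
  { label: "AWS access key ID", re: /\bAKIA[0-9A-Z]{16}\b/ },
  { label: "private key block", re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/ },
];

function evaluateEvent(event) {
  // The signed-in account, not the hostname, identifies whose tenant receives the data.
  const domain = (event.accountEmail || "").split("@").pop().toLowerCase();
  const corporate = CORPORATE_DOMAINS.has(domain);
  const secrets = SECRET_PATTERNS.filter((p) => p.re.test(event.content || "")).map((p) => p.label);

  const reasons = [];
  if (!corporate) reasons.push(`destination account is not corporate (${domain || "not signed in"})`);
  if (secrets.length > 0) reasons.push(`content contains: ${secrets.join(", ")}`);

  let decision = "allow";
  if (secrets.length > 0) decision = corporate ? "warn" : "block";
  else if (!corporate && event.action === "upload") decision = "warn";
  return { decision, reasons };
}

// Constructed events. The key is the placeholder AWS uses in its documentation.
const EVENTS = [
  { action: "upload", appHost: "drive.google.com", accountEmail: "jane@example.com",
    content: "Q3 launch plan" },
  { action: "upload", appHost: "drive.google.com", accountEmail: "jane.doe@gmail.com",
    content: "Q3 launch plan" },
  { action: "paste", appHost: "chat.example-ai.test", accountEmail: "",
    content: "debug this: aws_access_key_id=AKIAIOSFODNN7EXAMPLE" },
];

for (const e of EVENTS) {
  const r = evaluateEvent(e);
  console.log(`${r.decision.padEnd(5)} ${e.action} -> ${e.appHost}: ${r.reasons.join("; ") || "ok"}`);
}
```

The first two events share a hostname and content, so a tool that sees only network destinations cannot distinguish them; the account context is what changes the outcome.
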

The path forward: Browser-native visibility and control

Keep Aware's report provides comprehensive insights and data points showing that security needs to move inside the browser. As phishing campaigns evolve, malware reassembly becomes more refined, AI usage skyrockets, and browser extensions remain unchecked, organizations that fail to adapt will remain vulnerable.

Security teams need to integrate browser security into the enterprise security stack to gain real-time visibility, detect browser-native threats, and protect people where they work.

If you’d like to learn more about protecting your organization from browser-based threats, please request a personalized demo.
