Unseen Threats: How Browser-Based Attacks Are Evading Traditional Security Measures in 95% of Enterprises

Published January 26, 2026 By SiliconFlash Staff
Your web security tools may not be able to detect it, but a staggering 95% of organizations fell victim to browser-based attacks last year. Recent incidents involving ShadyPanda, Cyberhaven, and Trust Wallet highlight the growing threat posed by attackers operating within trusted browser sessions. Traditional security measures are failing to address this new breed of attacks, which exploit valid credentials and operate undetected inside browsers. The browser has evolved into a high-risk environment that enterprises often overlook in their security strategies. As the browser becomes the primary platform for work, communication, and AI usage, addressing these vulnerabilities is crucial for safeguarding sensitive data and preventing financial losses.

Contents

What traditional security architectures miss
Three attack patterns worth understanding
Why detection fails when attackers have valid credentials
When productivity tools become exfiltration paths
The billion-dollar browser bet
Six patterns from production
The bottom line

Still, three campaigns in 12 months are making the threat more concrete. ShadyPanda infected 4.3 million users through extensions that had been legitimate for seven years. Cyberhaven’s security extension was weaponized against 400,000 corporate customers on Christmas Eve. Trust Wallet lost $8.5 million from 2,520 wallets in 48 hours. None triggered traditional alerts.

The pattern is consistent: Attackers aren’t exploiting zero-days or bypassing perimeter defenses. They’re operating inside trusted browser sessions — where traditional security tools lose visibility after login.

“Let’s be honest, people are using a browser the majority of their day anyway,” said Sam Evans, CISO of Clearwater Analytics. “Having the major security component in the browser has made our lives very simple.” That convenience is exactly what makes the browser the highest-risk execution environment enterprises still treat as infrastructure, not attack surface.

VentureBeat recently spoke with Elia Zaitsev, CTO of CrowdStrike, about what’s driving these attacks. “The browser has become a prime target because modern adversaries don’t break in, they log in,” he said.

He added that as work, communication, and AI usage move into the browser, attackers increasingly operate inside trusted sessions, abusing valid identities, tokens, and access. Traditional security controls were never designed to stop this kind of activity because they assume “trust-once” access is granted and lack visibility into what happens inside live browser sessions.

What traditional security architectures miss

Traditional enterprise security stacks were built to inspect traffic before authentication, not behavior after access is granted. Interviews with CISOs already running browser-layer controls reveal six operational patterns that consistently reduce exposure — assuming identity and endpoint foundations are in place.

The Omdia research quantifies the gap: 64% of encrypted traffic goes uninspected, and 65% of organizations lack control over data shared in AI tools, according to the study. LayerX’s Enterprise Browser Extension Security Report 2025 found that 99% of enterprise users have at least one browser extension, 53% with high or critical permissions granting access to cookies, passwords, and page content. Another 17% come from non-official stores, and 26% were sideloaded without IT knowing.

“Traditional endpoint detection products were using some machine learning, and they would get to a probability of maybe 85%,” Evans told VentureBeat. “This could be a threat, but we’re not really sure. How do we take action? Should I pull the fire alarm?”

“At the end of the day, it’s the device the person uses day in and day out that carries the highest risk,” he said.

“For a long time, the browser was treated as a window, not an execution layer,” Zaitsev said. “It was designed for searches and static web access, not for running core business applications or autonomous AI workflows. That’s changed dramatically. Today, SaaS applications, cloud identities, AI tools, and agentic workflows all run through the browser, making it the first line of enterprise execution and defense.”

Browser isolation from Menlo Security, Cloudflare, and Symantec addresses rendering threats by executing web content in remote containers. But thousands of extensions now run locally with privileged access, GenAI tools create new exfiltration paths, and session-based attacks hijack authenticated tokens. Isolation protects users before authentication — not after attackers inherit valid sessions, tokens, and extension privileges.

Three attack patterns worth understanding

Trust can be accumulated over years — then weaponized overnight.

The long game. ShadyPanda submitted clean extensions to Chrome and Edge stores in 2018, accumulated Google’s “Featured” and “Verified” badges, then weaponized them seven years later. Clean Master became a remote code execution backdoor running hourly JavaScript downloads — not malware with a fixed function, but a backdoor letting attackers decide what comes next.

The credential hijack. Browser auto-updates function as a software supply chain — and inherit its risks. Cyberhaven attackers phished one developer’s credentials in 2024. The Chrome Web Store approved the malicious upload. Within 48 hours, 400,000 corporate customers had auto-updated to compromised code.

The API key leak. Control planes are attack surfaces, not internal safeguards. Trust Wallet attackers used a leaked Chrome Web Store API key to push malicious updates, bypassing all internal release controls. Around $8.5 million had been drained from wallets by attackers within a couple of days. No phishing required. No zero-days. Just the auto-update mechanism doing what it was designed to do.

Why detection fails when attackers have valid credentials

“Nation-state actors typically exploit browser access for long-term, covert intelligence collection, while financially motivated e-crime groups prioritize speed, using browser-based attacks to harvest credentials, session tokens, and sensitive data for rapid monetization or resale,” Zaitsev said. “Despite different objectives, both rely on the same browser-layer blind spot to operate inside trusted sessions and bypass traditional detection.”

Session hijacking illustrates why this matters. The most important signals are behavioral and contextual, not the credentials themselves. That includes how a user interacts with the browser in real time, whether actions align with expected behavior, how data is being accessed or moved, and whether the session context suddenly changes in ways that indicate abuse.

Once attackers capture a valid token, they replay it from anywhere. Authentication already happened, and MFA already passed. Zaitsev argues that detecting session hijacking early requires correlating in-session browser behavior with identity posture, endpoint signals, and threat intelligence. When those signals are unified, distinguishing a legitimate user from a hijacker becomes possible. That’s something siloed enterprise browsers and legacy security tools can’t see.
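The behavioral signals described above, turned into detection logic as an added example for this article (not CrowdStrike's or any vendor's code): a replayed token shows up as the same session id arriving from a second location faster than anyone could travel, from a new device fingerprint, or suddenly pulling many resources in a short window. The telemetry format, field names and thresholds are assumptions; the sample lines are constructed.

```python
# Token-replay detection over constructed browser-session telemetry. Example code
# written for this article, not a vendor's logic; thresholds are assumptions.
import math
from collections import defaultdict
from datetime import datetime
# Constructed sample: timestamp session_id src_ip lat lon device_fp resource
TELEMETRY = """\
2026-01-26T09:00:00 s-1 203.0.113.10 40.71 -74.01 fp-laptop /crm/accounts/1
2026-01-26T09:20:00 s-1 198.51.100.7 52.52 13.40 fp-unknown /crm/export?page=1
2026-01-26T09:21:00 s-1 198.51.100.7 52.52 13.40 fp-unknown /crm/export?page=2
2026-01-26T09:22:00 s-1 198.51.100.7 52.52 13.40 fp-unknown /crm/export?page=3
2026-01-26T09:00:00 s-2 192.0.2.5 37.77 -122.42 fp-desk /wiki/home
2026-01-26T09:30:00 s-2 192.0.2.5 37.77 -122.42 fp-desk /wiki/roadmap
"""
MAX_KMH = 1000.0                   # faster than an airliner between two hits
MIN_KM = 50.0                      # ignore geo-IP jitter inside one metro area
BULK_WINDOW_S, BULK_MAX = 300, 2   # more than 2 distinct resources in 5 minutes

def haversine_km(lat1, lon1, lat2, lon2):
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlam = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def parse(text):
    rows = []
    for line in text.splitlines():
        ts, sid, ip, lat, lon, fp, res = line.split()
        rows.append((datetime.fromisoformat(ts), sid, ip, float(lat), float(lon), fp, res))
    return sorted(rows)   # chronological; ties broken by session id

def detect(rows):
    # Returns {session_id: sorted alert kinds}; sessions with no alerts are omitted.
    by_session = defaultdict(list)
    for row in rows:
        by_session[row[1]].append(row)
    alerts = {}
    for sid, evs in by_session.items():
        kinds, first_fp = set(), evs[0][5]
        for i, cur in enumerate(evs):
            if cur[5] != first_fp:              # token now presented by another device
                kinds.add("new-device-fingerprint")
            if i > 0:
                prev = evs[i - 1]
                hours = (cur[0] - prev[0]).total_seconds() / 3600
                km = haversine_km(prev[3], prev[4], cur[3], cur[4])
                if km > MIN_KM and (hours == 0 or km / hours > MAX_KMH):
                    kinds.add("impossible-travel")
            recent = {e[6] for e in evs[: i + 1]
                      if (cur[0] - e[0]).total_seconds() <= BULK_WINDOW_S}
            if len(recent) > BULK_MAX:          # burst of distinct resources
                kinds.add("bulk-access")
        if kinds:
            alerts[sid] = sorted(kinds)
    return alerts
```

Session s-1 trips all three checks once the token reappears from a second city on an unknown device and starts paging through an export; s-2 stays quiet because nothing about it changes.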

When productivity tools become exfiltration paths

GenAI traffic surged 890% in 2024, with organizations now averaging 66 GenAI applications, according to Palo Alto Networks’ State of Generative AI 2025 report. GenAI-related data loss incidents more than doubled, accounting for 14% of all data security incidents.

Evans remembers the board conversation that started it all. “In October 2023, they asked, ‘What are your thoughts on ChatGPT?’ I said it’s an incredible productivity tool, however, I don’t know how we could let our employees use it, because my biggest fear is somebody copies and pastes customer data into it or our source code.”

Legitimate GenAI use and data exfiltration look identical at the network level. Both are encrypted browser sessions sending data to approved SaaS endpoints, often involving copy-and-paste into browser-based tools. The distinction only becomes clear at the browser layer, where you can see what data is being pasted, whether the destination is approved, and whether the behavior matches normal work patterns.

Evans found a balance. “If somebody goes to chatgpt.com, we allow them to use it. They just can’t copy and paste anything into it. They can’t upload any files, but they can ask questions and compare answers with our corporate version.” Employees get AI for research without risking customer data in model training.

“It seems like there’s a new one every five minutes,” Evans said. “Browser-layer controls maintain those categories, so if a new tool shows up, we can feel pretty good that employees won’t be able to copy and paste or upload our data.”

The billion-dollar browser bet

CrowdStrike acquired Seraphic Security and SGNL for a combined $1.16 billion in January 2026, signaling how seriously vendors are betting on the browser layer. Palo Alto Networks bought Talon in 2023.

Two camps are emerging. Island wants enterprises to replace Chrome and Edge entirely with a purpose-built browser, and has reached a $4.8 billion valuation (March 2025). Menlo Security bets most enterprises won’t switch browsers, so it layers protection on top of whatever employees already use.

The tradeoff is real. Replacement browsers offer deeper control but require adoption. Security layers preserve user choice but see less. Both are winning deals.

Zaitsev says neither approach works without tying browser activity to identity. Authentication tells you who logged in. It doesn’t tell you if that session gets hijacked 10 minutes later, or if the user starts exfiltrating data to an unauthorized GenAI tool. Catching that requires correlating browser behavior with endpoint and identity signals in real time — something most enterprises can’t do yet.

For buyers, the decision isn’t about vendors — it’s about whether browser activity is tied into identity, endpoint, and SOC workflows, or left as a standalone control plane.

Six patterns from production

Securing the browser that employees actually use matters more than which enterprise browser to deploy. Today’s workforce moves across multiple browsers and managed and unmanaged devices. What matters is visibility and control inside live sessions without breaking how people work.

Evans put it more simply: “I wanted security closer to the end user, on the device they use every day. Having security in the browser made our lives simple. Road warriors dealing with hotel captive portals that normally get blocked by edge products? We don’t worry about that anymore.”

Based on interviews with CISOs running browser-layer controls in production, six patterns keep showing up. One caveat: These assume you already have mature identity and endpoint infrastructure. If you don’t, start there.

Build a complete extension inventory. Use browser management APIs to enumerate every extension, flag anything requesting sensitive permissions, and cross-reference against known-malicious hashes.

Break the auto-update kill chain. Fast patching reduces exposure to known vulnerabilities but creates supply chain risk. Implement version pinning with 48- to 72-hour delays. The Cyberhaven attack was detected in roughly 25 hours. A staged rollout would have contained it.

Move data protection to where data moves. “DLP is where we got the biggest win,” Evans said. “Customer data exfiltration can happen through social media, personal file shares, and web-based email. Being able to block copy-paste into certain site categories, block file uploads was incredibly powerful.”

Eliminate browser sprawl. “It does no good to deploy an enterprise browser when someone can download Opera, or Frank’s browser of the month, and bypass all the controls,” Evans said. Every unmanaged browser is a policy-free zone.

Extend identity into sessions, treat GenAI as unvetted, feed signals to the SOC. Session hijackers inherit valid credentials but not normal behavior patterns. Watch for impossible travel, permission escalation, and bulk access anomalies. Evans found that browser-layer blocking surfaced shadow AI tools employees actually wanted, which IT could then enable properly. And browser telemetry should flow into existing SOC workflows. “The AI does initial triage,” Evans said, “telling analysts where to look based on what we’ve seen before.”

Show the board a working demo. “I didn’t just come with concerns,” Evans said. “I came with a solution. When I explained how enterprise browsers work, the board said, ‘Can you really do it?’ At our July 2024 audit committee, they asked how it was going. I said, ‘Let me show you.’ Pulled up a screenshot — here I am on ChatGPT, tried to paste something, got: ‘Policy prevents this.’ They said, ‘Wow.’ That calmed their nerves.”
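The first two patterns above (a complete extension inventory and a delayed, staged rollout) as one triage routine, added here as an example for this article rather than any vendor's or CISO's tooling. It assumes an inventory already pulled from browser management APIs, a constructed known-bad hash list, a 72-hour quarantine window and an assumed set of high-risk permissions; every extension record below is made up.

```python
# Extension inventory triage for the first two patterns above: flag high-risk
# permissions and non-store installs, block known-bad hashes, and hold any
# version published inside a 72-hour quarantine window. Example code written
# for this article, not a vendor's tooling; all sample data is constructed.
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Assumed high-risk set: grants reach into cookies, page content or all sites.
HIGH_RISK = {"cookies", "webRequest", "webRequestBlocking", "<all_urls>",
             "tabs", "scripting", "clipboardRead", "nativeMessaging", "debugger"}
QUARANTINE = timedelta(hours=72)          # upper end of the 48- to 72-hour delay
KNOWN_BAD_SHA256 = {"deadbeef" * 8}       # placeholder, not a real indicator

@dataclass
class Extension:
    ext_id: str
    name: str
    version: str
    permissions: list
    sha256: str
    published: datetime
    source: str            # "official-store", "third-party-store", "sideloaded"

@dataclass
class Finding:
    ext_id: str
    action: str            # "block", "hold", "review" or "allow"
    reasons: list = field(default_factory=list)

def triage(ext, now):
    reasons = []
    if ext.sha256 in KNOWN_BAD_SHA256:          # hard block, no further checks
        return Finding(ext.ext_id, "block", ["matches known-malicious hash"])
    if ext.source != "official-store":
        reasons.append(f"installed from {ext.source}")
    risky = sorted(HIGH_RISK & set(ext.permissions))
    if risky:
        reasons.append("high-risk permissions: " + ", ".join(risky))
    age = now - ext.published
    if age < QUARANTINE:                        # too new to trust an auto-update
        reasons.append(f"version {ext.version} published {age.total_seconds() / 3600:.0f}h ago, inside quarantine")
        return Finding(ext.ext_id, "hold", reasons)
    return Finding(ext.ext_id, "review" if reasons else "allow", reasons)

def triage_inventory(exts, now):
    return {e.ext_id: triage(e, now) for e in exts}

NOW = datetime(2026, 1, 26, 12, 0, tzinfo=timezone.utc)
SAMPLE = [   # constructed inventory
    Extension("ext-0001", "Tab Tidy", "1.4.2", ["storage"], "a1" * 32, NOW - timedelta(days=30), "official-store"),
    Extension("ext-0002", "Screen Grab", "3.0.0", ["tabs", "<all_urls>"], "b2" * 32, NOW - timedelta(hours=25), "official-store"),
    Extension("ext-0003", "Clean Helper", "9.9.9", ["cookies", "webRequest"], "c3" * 32, NOW - timedelta(days=400), "sideloaded"),
    Extension("ext-0004", "Free VPN", "2.1.0", ["storage"], "deadbeef" * 8, NOW - timedelta(days=10), "official-store"),
]
```

The 25-hour-old update is held rather than allowed, which is the point of the delay: a compromised version detected on the timescale the article describes never reaches the fleet.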

The bottom line

The browser security gap is real. The fix isn’t necessarily a new platform purchase. Start by assessing what you have: inventory extensions, delay auto-updates, and enforce data policies at the browser layer with existing tools.

“No security tool is 100% perfect,” Evans said. “But with browser-layer controls deployed, we sleep a lot easier.”

Breach rates won’t improve by stacking more perimeter tools onto architectures that assume trust ends at login. Outcomes improve when you treat the browser as what it’s become: the primary execution environment for enterprise work.
