Subscribe to the Non-Human & AI Identity Journal

What do organisations get wrong about browser security and zero trust?

Many organisations still think zero trust is only about verifying access before entry. In browser-first environments, the risk often appears after authentication, when a user moves data, installs extensions, or submits information to a public AI tool. Zero trust has to extend into the session, not stop at login.

Why This Matters for Security Teams

Browser security is often treated as a perimeter problem, but zero trust breaks if it stops at authentication. Once a session is active, the browser becomes the main control plane for file movement, SaaS access, token use, extension behaviour, and increasingly public AI submissions. Current guidance in NIST SP 800-207 Zero Trust Architecture makes clear that trust must be continuously evaluated, not assumed after login.

That matters because browser activity is dynamic and user-driven. A secure login does not prevent a sensitive document from being copied into an unsanctioned app, a token from being exfiltrated by a malicious extension, or a prompt from leaking regulated data to a public AI tool. NHIMG research on the Ultimate Guide to NHIs shows how often organisations still rely on long-lived credentials and incomplete visibility, which are the same weaknesses that make browser-based sessions so hard to contain.

In practice, many security teams discover browser risk only after data has already left the controlled environment, rather than through intentional session-level enforcement.

How It Works in Practice

Zero trust for the browser should be built around the session, the device, and the action being attempted, not just the user’s initial authentication. That means policy checks continue after sign-in and can respond to what the browser is doing in real time. The practical goal is to reduce trust as the session becomes more risky, rather than granting broad access once and hoping the session stays safe.

Security teams usually combine several controls:

  • Conditional access based on device posture, location, and risk signals.
  • Session controls that limit download, copy/paste, upload, print, and extension installation.
  • Detection of shadow SaaS and unsanctioned AI use during the active session.
  • Short-lived credentials and token binding so browser sessions cannot be reused easily elsewhere.
  • Continuous policy evaluation for sensitive workflows, especially when data classification changes mid-session.

This is where browser-first governance overlaps with NHI thinking. Sessions often carry API tokens, service credentials, or delegated access into SaaS tools, so identity controls must extend beyond human logon. NHIMG’s Guide to SPIFFE and SPIRE is relevant here because workload identity shows the direction of travel: cryptographic proof of what is acting, not just who authenticated earlier. In practice, browser security improves when access is evaluated with policy-as-code and short TTLs, while the session is still active and the user is still moving data across tools.

These controls tend to break down in unmanaged BYOD environments because the organisation cannot reliably inspect the browser, enforce extension policy, or apply consistent session telemetry.

Common Variations and Edge Cases

Tighter browser controls often increase user friction and support overhead, so organisations have to balance containment against productivity. The right model is not identical for every population: contractors, managed endpoints, executives, developers, and AI-assisted knowledge workers usually need different thresholds and different exceptions.

One common mistake is treating all browser sessions as equal. That rarely works. A low-risk intranet lookup may only need standard conditional access, while a finance workflow, admin portal, or data export path may need stronger session restrictions and step-up verification. Best practice is evolving on whether to block all public AI tools outright or allow them with classification-based controls, because there is no universal standard for this yet.

Another edge case is SaaS-heavy work where most “browser security” controls are actually identity, data loss prevention, and tenant configuration issues. The Ultimate Guide to NHIs — Standards is useful for teams trying to map browser-exposed access to identity governance disciplines. For broader zero trust design, the browser should be treated as one enforcement point inside a larger policy system, not as the whole architecture.

There is no universal standard for this yet, and controls usually fail when organisations assume a browser blocklist is enough to govern data movement across unmanaged apps and approved SaaS at the same time.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST CSF 2.0, NIST Zero Trust (SP 800-207) and NIST AI RMF set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
NIST CSF 2.0 PR.AA-01 Continuous auth and session risk checks fit identity assurance in browser sessions.
NIST Zero Trust (SP 800-207) ZT-07 Zero trust requires ongoing policy enforcement after initial login.
OWASP Agentic AI Top 10 A03 Browser-based AI prompts and tool use create agent-like data leakage paths.
CSA MAESTRO GOV-03 Session governance and guardrails are essential for dynamic browser activity.
NIST AI RMF AI RMF applies where browser sessions submit data to public AI tools.

Reassess browser session trust continuously instead of trusting authentication as a one-time event.